VIRY.CZ

Pomáháme v boji s počítačovou havěti!
https://forum.viry.cz:443/

Po restartu, vše jak před dvěma dny... pls. Help

https://forum.viry.cz:443/viewtopic.php?t=99828

Stránka 3 z 4

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 12:29
od Spo.On
Ten soubor neznám.. s tím CF je problém v tom že restartuje PC a po něm je vše jako před tím.... a žádný log se neuloží

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 13:31
od Spo.On
Ano je ton tak jak píšete, ty dva programy se můžou smazat...

scan z odlazim:
SystemLook v1.0 by jpshortstuff (11.01.10)
Log created at 14:20 on 10/04/2010 by Administrator (Administrator - Elevation successful)

========== filefind ==========

Searching for "odlazim.exe"
No files found.

Searching for "odlazim.*"
No files found.

========== regfind ==========

Searching for "odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"

Searching for "odlazim"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\explore\command]
@="STOBOM/odlazim.exe"
[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\open\command]
@="STOBOM/odlazim.exe"

-=End Of File=-

malý log z gmer:

GMER 1.0.15.15281 - http://www.gmer.net
Rootkit quick scan 2010-04-10 14:26:34
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\pxtdypow.sys


---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

---- EOF - GMER 1.0.15 ----

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 14:45
od Spo.On
Tak asi smůla po dokončení logu se restartuje PC.... zkusím to ještě jednou... tenhle program nejde odstranit: C:\Program Files\Faronics a ani nevím kde jsem k němu přišel...

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 15:57
od Spo.On
Tak to nevím jestli bylo neco ve smyslu file suspecion ci device.. :oops:


OTL logfile created on: 4/10/2010 5:40:14 PM - Run
OTLPE by OldTimer - Version 3.1.37.1 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000405 | Country: Česká republika | Language: CSY | Date Format: d.M.yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 84.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 465.75 Gb Total Space | 179.54 Gb Free Space | 38.55% Space Free | Partition Type: NTFS
Drive D: | 1.90 Gb Total Space | 1.43 Gb Free Space | 75.37% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive X: | 276.80 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO
Current User Name: SYSTEM
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2009/08/05 12:38:58 | 001,056,256 | ---- | M] (Faronics Corporation) [Auto] -- C:\Program Files\Faronics\Deep Freeze\Install C-0\DFServ.exe -- (DFServ)
SRV - [2009/02/10 12:01:49 | 000,116,104 | ---- | M] () [Auto] -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe -- (IJPLMSVC)
SRV - [2008/07/11 14:00:06 | 000,080,392 | ---- | M] () [Auto] -- C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe -- (GEST Service)
SRV - [2007/12/31 19:17:50 | 000,308,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgwdsvc.exe -- (avg9wd)
SRV - [2007/12/31 19:17:35 | 000,916,760 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG9\avgemc.exe -- (avg9emc)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz130)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2010/04/04 03:37:13 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\gdrv.sys -- (gdrv)
DRV - [2010/04/02 03:20:43 | 000,024,944 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\GVTDrv.sys -- (GVTDrv)
DRV - [2010/03/20 15:00:55 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\etdrv.sys -- (etdrv)
DRV - [2010/01/25 13:51:18 | 000,025,512 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ggsemc.sys -- (ggsemc)
DRV - [2010/01/25 13:51:18 | 000,013,224 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ggflt.sys -- (ggflt)
DRV - [2009/12/19 09:42:37 | 000,330,264 | ---- | M] (Intel Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\iaStor.sys -- (iaStor)
DRV - [2009/08/05 12:48:02 | 000,152,472 | ---- | M] (Faronics Corporation) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\DeepFrz.sys -- (DeepFrz)
DRV - [2009/05/24 19:00:00 | 000,026,736 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt -- (EverestDriver)
DRV - [2009/02/22 19:16:22 | 000,007,168 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys -- (AODDriver)
DRV - [2008/12/12 10:27:46 | 000,018,432 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2008/12/12 10:27:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2008/08/02 00:20:00 | 006,121,856 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/06/16 03:08:42 | 000,109,184 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/04/13 17:06:06 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2007/12/31 19:18:01 | 000,242,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2007/12/31 19:17:57 | 000,029,512 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2007/12/31 19:17:33 | 000,216,200 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2006/11/03 03:32:30 | 004,394,496 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2001/08/17 15:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... R}&ar=home
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/ ... chcust.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn.com/{SUB_RFC1766}/ ... chasst.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft.com/isapi/redir.dl ... r=iesearch
IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft.com/isapi/redir.dl ... ar=msnhome
IE - HKU\Administrator_ON_C\..\URLSearchHook: {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll (DeviceVM Inc.)
IE - HKU\Administrator_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://seznam.cz/"
FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:9.0.0.783
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}:6.0.16
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}:6.0.17
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3

FF - HKLM\software\mozilla\Firefox\extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2010/01/04 16:26:37 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2010/01/25 11:12:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/13 13:35:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/04 03:29:55 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/04 03:29:53 | 000,000,000 | ---D | M]

[2009/12/19 15:23:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\mozilla\Extensions
[2009/12/19 15:23:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Data aplikací\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/04/04 03:48:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\mozilla\Firefox\Profiles\devn4wnd.default\extensions
[2010/01/25 13:42:48 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Data aplikací\mozilla\Firefox\Profiles\devn4wnd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/04/04 03:48:18 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/02 13:46:16 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/01/04 16:39:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2010/01/04 16:26:46 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/03/24 11:03:49 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/03/24 11:03:50 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/01/04 16:26:36 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2010/02/11 09:19:23 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
[2010/03/24 11:04:03 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2008/09/10 15:56:44 | 000,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2010/02/10 16:09:17 | 000,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2008/09/10 15:37:54 | 000,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
[2010/03/11 16:15:05 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/11 16:15:05 | 000,000,638 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\jyxo-cz.xml
[2010/03/11 16:15:05 | 000,001,687 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\mall-cz.xml
[2010/03/11 16:15:05 | 000,001,367 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\seznam-cz.xml
[2010/03/11 16:15:05 | 000,000,654 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\slunecnice-cz.xml
[2010/03/11 16:15:05 | 000,001,179 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-cz.xml

O1 HOSTS File: ([2001/10/25 09:00:00 | 000,000,737 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKU\Administrator_ON_C\..\Toolbar\ShellBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Adresa) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (&Odkazy) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O4 - HKLM..\Run: [Alcmtr] C:\WINDOWS\Alcmtr.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [AVG9_TRAY] C:\Program Files\AVG\AVG9\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [DrvIcon] C:\Program Files\Vista Drive Icon\DrvIcon.exe File not found
O4 - HKLM..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe ()
O4 - HKLM..\Run: [GEST] File not found
O4 - HKLM..\Run: [ISUSPM Startup] C:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [ISUSScheduler] C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe (InstallShield Software Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RTHDCPL] C:\WINDOWS\RTHDCPL.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SkyTel] C:\WINDOWS\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [SmartGuardian] C:\Program Files\ITE\Smart Guardian\ITESMART.EXE (ITE Tech. Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKU\.DEFAULT..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\Administrator_ON_C..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [ICQ] C:\Program Files\ICQ6.5\ICQ.exe File not found
O4 - HKU\Administrator_ON_C..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe (Take-Two Interactive Software, Inc.)
O4 - HKU\LocalService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\GIGABYTE Gamer HUD.lnk = File not found
O4 - Startup: C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění\MemSet.exe.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění\forteManager.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinsta ... s-i586.cab (Java Plug-in 1.6.0_17)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\DfLogon: DllName - LogonDll.dll - C:\WINDOWS\System32\LogonDll.dll ()
O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Proces mezipaměti kategorií součástí - C:\WINDOWS\system32\browseui.dll (Společnost Microsoft)
O24 - Desktop Components:0 (Aktuální domovská stránka) - About:Home
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Data aplikací\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/12/19 14:19:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/02/27 15:15:34 | 000,000,220 | ---- | M] () - D:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\AutoRun\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\explore\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{1eac458e-1499-11df-ae3c-001fd02de8e2}\Shell\open\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{3bca36e8-eee8-11de-b94a-001fd02de8e2}\Shell\open\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\AutoRun\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\explore\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{3bca36e9-eee8-11de-b94a-001fd02de8e2}\Shell\open\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{51a8d543-ecd2-11de-acc2-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{51a8d543-ecd2-11de-acc2-806d6172696f}\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\explore\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{f18edcd6-082e-11df-ade7-001fd02de8e2}\Shell\open\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\AutoRun\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\explore\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\{f18edcd7-082e-11df-ade7-001fd02de8e2}\Shell\open\command - "" = STOBOM/odlazim.exe
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
O34 - HKLM BootExecute: (autocheck autochk /k:C *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/04/04 11:07:06 | 000,000,000 | ---D | C] -- C:\Program Files\Faronics
[2010/04/04 05:20:34 | 001,066,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Mscomctl.ocx
[2010/04/04 05:20:34 | 000,118,784 | R--- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\Msstdfmt.dll
[2010/04/04 05:20:34 | 000,102,912 | R--- | C] (Zeal SoftStudio) -- C:\WINDOWS\System32\Ntport.dll
[2010/04/04 05:20:34 | 000,006,080 | ---- | C] (Zeal SoftStudio) -- C:\WINDOWS\System32\drivers\zntport.sys
[2010/04/04 05:20:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\SysWow64
[2010/04/04 05:20:33 | 000,000,000 | ---D | C] -- C:\Program Files\ITE
[2010/04/04 04:59:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\4A Games
[2010/04/04 04:53:49 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_6.dll
[2010/04/04 04:53:49 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAPOFX1_4.dll
[2010/04/04 04:53:48 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_6.dll
[2010/04/04 04:53:48 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\X3DAudio1_7.dll
[2010/04/04 04:53:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2010/04/04 04:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\METRO 2033
[2010/04/04 03:23:56 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/04/03 11:45:05 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2010/04/03 05:27:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\4A Games
[2010/04/03 04:00:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
[2010/04/03 03:17:13 | 000,000,000 | ---D | C] -- C:\Program Files\Steam
[2010/04/02 16:30:04 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Plocha\Games
[2010/04/02 16:12:25 | 000,069,632 | ---- | C] (Realtek Semiconductor Corp.) -- C:\WINDOWS\Alcmtr.exe
[2010/04/02 16:07:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\NV3676340.TMP
[2010/04/02 15:43:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irftp.exe
[2010/04/02 15:43:20 | 000,152,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irftp.exe
[2010/04/02 15:43:20 | 000,088,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irda.sys
[2010/04/02 15:43:20 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irmon.dll
[2010/04/02 15:43:20 | 000,019,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rasirda.sys
[2010/04/02 15:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\wshirda.dll
[2010/04/02 15:43:20 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wshirda.dll
[2010/04/02 15:42:01 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\irsir.sys
[2010/04/02 15:42:01 | 000,018,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irsir.sys
[2010/04/02 06:58:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\I96PD205
[2010/04/02 06:57:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\Awd890
[2010/03/30 11:01:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\DCIM
[2010/03/30 08:34:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\metro
[2010/03/28 04:21:39 | 000,000,000 | ---D | C] -- C:\RAR
[2010/03/19 14:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Plocha\Skály
[2010/03/16 11:50:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Dokumenty\BFBC2
[2010/03/15 21:37:50 | 013,570,048 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcpl.dll
[2010/03/15 21:37:50 | 000,229,376 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmccs.dll
[2010/03/15 21:37:50 | 000,143,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvcolor.exe
[2010/03/15 21:37:50 | 000,086,016 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvmctray.dll
[2010/03/15 21:37:44 | 000,081,920 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\System32\nvwddi.dll
[2010/03/15 14:56:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\vlc
[2010/03/15 14:56:00 | 000,000,000 | ---D | C] -- C:\Program Files\BRS
[2010/03/15 14:51:19 | 000,000,000 | ---D | C] -- C:\Program Files\Codemasters
[2010/03/14 13:54:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Data aplikací\Mikrotik
[2010/03/12 09:32:40 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\XAudio2_5.dll
[2010/03/12 09:32:39 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\D3DCompiler_42.dll
[2010/03/12 09:32:39 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xactengine3_5.dll
[2010/03/12 09:32:38 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dcsx_42.dll
[2010/03/12 09:32:38 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx11_42.dll
[2010/02/10 18:19:22 | 000,346,296 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010/02/10 18:19:22 | 000,346,296 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\IconCache.db
[2010/01/25 11:38:09 | 000,607,848 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2009/12/23 14:01:41 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/23 14:01:41 | 000,082,944 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/19 16:07:46 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\PnkBstrK.sys
[2009/12/19 14:27:13 | 000,020,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2009/12/19 14:27:13 | 000,020,704 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\GDIPFONTCACHEV1.DAT
[2009/12/19 14:26:46 | 000,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Data aplikací\desktop.ini
[2006/06/29 09:58:52 | 000,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 09:53:56 | 000,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 10:39:28 | 000,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 10:39:28 | 000,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 15:58
od Spo.On
========== Files - Modified Within 30 Days ==========

[2010/04/10 11:07:42 | 004,194,304 | ---- | M] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/04/04 11:07:52 | 000,233,472 | ---- | M] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/04/04 11:07:52 | 000,229,376 | ---- | M] () -- C:\Documents and Settings\NetworkService\NTUSER.DAT
[2010/04/04 11:07:44 | 000,607,848 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Data aplikací\FontCache3.0.0.0.dat
[2010/04/04 11:07:43 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/04/04 11:07:38 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
[2010/04/04 11:07:16 | 016,336,546 | ---- | M] () -- C:\Persi0.sys
[2010/04/04 11:06:02 | 005,382,270 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\4thApril Passes.zip
[2010/04/04 11:04:17 | 058,530,994 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2010/04/04 10:26:00 | 000,000,940 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/04/04 03:37:15 | 000,263,851 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/04/04 03:37:13 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\gdrv.sys
[2010/04/04 03:32:11 | 000,000,936 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/04/04 03:32:07 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/04/04 03:32:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstet.dat
[2010/04/04 03:18:23 | 000,432,356 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/04/04 03:18:23 | 000,428,750 | ---- | M] () -- C:\WINDOWS\System32\perfh005.dat
[2010/04/04 03:18:23 | 000,077,872 | ---- | M] () -- C:\WINDOWS\System32\perfc005.dat
[2010/04/04 03:18:23 | 000,067,312 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/04/03 07:19:23 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/04/03 03:49:18 | 000,008,410 | ---- | M] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/04/02 16:04:46 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/02 03:20:43 | 000,024,944 | ---- | M] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2010/04/02 03:20:42 | 000,000,004 | ---- | M] () -- C:\WINDOWS\System32\GVTunner.ref
[2010/03/30 11:03:22 | 000,082,944 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Data aplikací\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/29 12:48:21 | 000,138,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2010/03/25 14:36:06 | 000,012,783 | ---- | M] () -- C:\Documents and Settings\Administrator\Plocha\vtip.odt
[2010/03/20 15:00:55 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) -- C:\WINDOWS\etdrv.sys
[2010/03/16 02:51:59 | 002,183,470 | ---- | M] () -- C:\WINDOWS\System32\nvdata.bin
[2010/03/16 02:51:59 | 000,025,695 | ---- | M] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/03/16 02:51:59 | 000,009,046 | ---- | M] () -- C:\WINDOWS\System32\nvinfo.pb
[2010/03/15 21:37:34 | 000,066,714 | ---- | M] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/03/15 11:34:18 | 001,020,388 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/12 10:05:08 | 000,393,733 | ---- | M] () -- C:\AnalysisLog.sr0
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/04/04 11:07:11 | 016,336,546 | ---- | C] () -- C:\Persi0.sys
[2010/04/04 11:07:09 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\LogonDll.dll
[2010/04/04 11:04:22 | 005,382,270 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\4thApril Passes.zip
[2010/04/04 05:20:34 | 000,046,080 | R--- | C] () -- C:\WINDOWS\System32\itevio.dll
[2010/04/04 05:20:34 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\drivers\a.bat
[2010/04/03 03:49:18 | 000,008,410 | ---- | C] () -- C:\Documents and Settings\Administrator\.recently-used.xbel
[2010/04/02 16:08:01 | 000,198,941 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2010/04/02 11:42:13 | 004,194,304 | ---- | C] () -- C:\Documents and Settings\Administrator\ntuser.dat
[2010/04/02 11:42:13 | 000,233,472 | ---- | C] () -- C:\Documents and Settings\LocalService\ntuser.dat
[2010/03/25 14:36:06 | 000,012,783 | ---- | C] () -- C:\Documents and Settings\Administrator\Plocha\vtip.odt
[2010/03/21 04:06:22 | 000,000,004 | ---- | C] () -- C:\WINDOWS\System32\GVTunner.ref
[2010/03/15 21:37:34 | 000,263,851 | ---- | C] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/15 21:37:34 | 000,066,714 | ---- | C] () -- C:\WINDOWS\System32\NvwsApps.xml
[2010/03/12 10:04:59 | 000,393,733 | ---- | C] () -- C:\AnalysisLog.sr0
[2009/12/23 14:38:28 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/12/23 14:38:28 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/12/22 17:06:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bench32.INI
[2009/12/20 09:42:41 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\NxExtensions.dll
[2009/12/19 16:07:46 | 000,138,184 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/12/19 16:07:27 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2009/12/19 14:55:28 | 000,024,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\GVTDrv.sys
[2009/12/19 14:45:00 | 000,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/12/19 14:45:00 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/11/06 05:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/05/21 00:24:48 | 000,001,683 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2008/08/02 00:20:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/08/02 00:20:00 | 001,499,136 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/08/02 00:20:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/08/02 00:20:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/08/02 00:20:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/06/27 16:49:42 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2004/06/27 14:15:12 | 000,679,936 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[1996/04/03 15:33:26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/02/07 08:07:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Ashampoo
[2009/12/23 14:08:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\avidemux
[2010/02/06 16:07:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Canon
[2010/04/04 03:28:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
[2010/02/11 17:29:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\DassaultSystemes
[2010/02/11 09:19:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Foxit
[2010/01/23 11:08:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\GHISLER
[2010/02/21 05:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\gtk-2.0
[2009/12/30 12:53:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ICQ
[2010/01/24 11:05:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Leadertech
[2010/03/14 13:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Mikrotik
[2009/12/20 09:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\OpenOffice.org
[2010/01/04 17:01:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\Opera
[2009/12/28 14:56:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\QIP
[2010/02/10 07:10:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ViGlance
[2010/02/10 07:10:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ViSplore
[2010/02/10 07:11:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Data aplikací\ViStart

========== Purity Check ==========



========== Custom Scans ==========



<

Kód: Vybrat vše

 >[/color]
 
[color=#A23BEC]< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run /s >[/color]
"CTFMON.EXE" = C:\WINDOWS\system32\ctfmon.exe -- [2008/04/14 03:52:18 | 000,040,448 | ---- | M] (Microsoft Corporation)
"EA Core" = "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent -- File not found
"ICQ" = "C:\Program Files\ICQ6.5\ICQ.exe" silent -- File not found
"RGSC" = C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent -- [2010/01/24 06:32:19 | 000,306,088 | ---- | M] (Take-Two Interactive Software, Inc.)
 
[color=#A23BEC]< c:\windows\*.* /U >[/color]
[5 c:\windows\*.tmp files -> c:\windows\*.tmp -> ]
 
[color=#A23BEC]< %SYSTEMDRIVE%\*.exe >[/color]
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.
 
Invalid Environment Variable: %ALLUSERSPROFILE%\Application Data\*.exe
 
Invalid Environment Variable: %APPDATA%\*.
 
Invalid Environment Variable: %APPDATA%\*.exe
 
 
[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 19:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
[color=#A23BEC]< MD5 for: CHANGER.SYS  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
[2008/04/13 19:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) MD5=2A5815CA6FFF24B688C01F828B96819C -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
 
[color=#A23BEC]< MD5 for: CRYPTSVC.DLL  >[/color]
[2004/08/17 08:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) MD5=70D2A1756F4B2067658A186C963FCABD -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
[2008/04/14 03:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/14 03:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) MD5=F3AB0933CBD166D271992F411C27CCAF -- C:\WINDOWS\system32\cryptsvc.dll
 
[color=#A23BEC]< MD5 for: EVENTLOG.DLL  >[/color]
[2008/04/14 03:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=2EE99F67C930931EB404DADCE57E976E -- C:\WINDOWS\system32\eventlog.dll
[2004/08/17 08:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=6EB66066D5C0175320CFEA0A4C74C88F -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
[color=#A23BEC]< MD5 for: EXPLORER.EXE  >[/color]
[2008/04/14 03:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) MD5=27AFD587C462E280EE046B8CCA3C2CD1 -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe
[2004/08/17 08:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) MD5=53114D57AB73A406AC7F602227781A99 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
[2008/04/14 03:52:24 | 001,541,120 | ---- | M] (Microsoft Corporation) MD5=D63C59BB0CA2F83B62D003FD52863090 -- C:\WINDOWS\explorer.exe
[2008/04/14 03:52:24 | 001,541,120 | ---- | M] (Microsoft Corporation) MD5=D63C59BB0CA2F83B62D003FD52863090 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
[color=#A23BEC]< MD5 for: HAL.DLL  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
[2008/04/13 19:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=4329EE7D502C9113EBA0F9570392F5EE -- C:\WINDOWS\system32\HAL.DLL
[2008/04/13 19:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) MD5=6DB1E72AD3B372DFC451B7F54BA08AA7 -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
[2004/08/03 15:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) MD5=DFCE51FD96909D1B97D4A1A72D060D77 -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
 
[color=#A23BEC]< MD5 for: IASTOR.SYS  >[/color]
[2009/12/19 09:42:37 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\NLDRV\001\iastor.sys
[2009/12/19 09:42:37 | 000,330,264 | ---- | M] (Intel Corporation) MD5=D483687EACE0C065EE772481A96E05F5 -- C:\WINDOWS\system32\drivers\iaStor.sys
 
[color=#A23BEC]< MD5 for: ISAPNP.SYS  >[/color]
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
[2001/10/24 06:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
[2001/10/25 09:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) MD5=1091528512E4DD7ED5FDDCC4DF1C53D7 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\isapnp.sys
[2008/04/14 02:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008/04/14 01:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008/04/14 01:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\drivers\isapnp.sys
[2008/04/14 02:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) MD5=CC9F8A2D60AED1A51A3AC34C59B987AE -- C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\i386\isapnp.sys
 
[color=#A23BEC]< MD5 for: LSASS.EXE  >[/color]
[2004/08/17 08:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=82A362FE1D4980B71B588D9C10748511 -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
[2008/04/14 03:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008/04/14 03:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) MD5=ED0A176354487CEED65B80A7148AB739 -- C:\WINDOWS\system32\lsass.exe
 
[color=#A23BEC]< MD5 for: NDIS.SYS  >[/color]
[2008/04/13 19:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 19:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) MD5=1DF7F42665C94B825322FAE71721130D -- C:\WINDOWS\system32\drivers\ndis.sys
[2004/08/03 16:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) MD5=558635D3AF1C7546D26067D5D9B6959E -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
 
[color=#A23BEC]< MD5 for: NETLOGON.DLL  >[/color]
[2004/08/17 08:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=2591CADAEF7D2242039255028E577688 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/14 03:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=C2ED0E3408F50BBC149D4F0936E67832 -- C:\WINDOWS\system32\netlogon.dll
 
[color=#A23BEC]< MD5 for: SCECLI.DLL  >[/color]
[2004/08/17 08:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) MD5=07119058D451CB7EA4317BCFDA8599A6 -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 03:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) MD5=830CE8951C71F361D7D2F38416CC8BC1 -- C:\WINDOWS\system32\scecli.dll
 
[color=#A23BEC]< MD5 for: SMSS.EXE  >[/color]
[2004/08/17 08:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=04B69D49D7FC3358A372E97DB6D39447 -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
[2008/04/14 03:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008/04/14 03:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) MD5=9B08A8C6331C2DA9C30377BCB4262721 -- C:\WINDOWS\system32\smss.exe
 
[color=#A23BEC]< MD5 for: SVCHOST.EXE  >[/color]
[2008/04/14 03:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 03:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=BE4A520E29B6391F49E79CCC52044D93 -- C:\WINDOWS\system32\svchost.exe
[2004/08/17 08:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=DFBA2915B0BF58ABB288CD4C9318CB3F -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
 
[color=#A23BEC]< MD5 for: TCPIP.SYS  >[/color]
[2008/04/13 19:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 19:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) MD5=93EA8D04EC73A85DB02EB8805988F733 -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=9AEFA14BD6B182D61E3119FA5F436D3D -- C:\WINDOWS\system32\drivers\tcpip.sys
[2004/08/03 16:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) MD5=9F4B36614A0FC234525BA224957DE55C -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) MD5=AD978A1B783B5719720CFF204B666C8E -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
 
[color=#A23BEC]< MD5 for: USERINIT.EXE  >[/color]
[2008/04/14 03:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=7DC1830F22E7D275B438127B68030239 -- C:\WINDOWS\system32\userinit.exe
[2004/08/17 08:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=836F7960362FF95C5D49E40B891F2CFC -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
[color=#A23BEC]< MD5 for: WINLOGON.EXE  >[/color]
[2004/08/17 08:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=221C29AE1B4CC61D11D8B27DE78B2307 -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/14 03:52:54 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=471341D353962A35DA3C6324D59D09C4 -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:52:54 | 000,547,328 | ---- | M] (Microsoft Corporation) MD5=471341D353962A35DA3C6324D59D09C4 -- C:\WINDOWS\system32\winlogon.exe
[2008/04/14 03:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=CDDB1F8E1AEA356F3AD106F2CF9B7FEA -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\winlogon.exe
 
[color=#A23BEC]< MD5 for: WS2_32.DLL  >[/color]
[2004/08/17 08:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) MD5=382E9B87F1282E697C67AF84E34E35E2 -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
[2008/04/14 03:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 03:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) MD5=951D473917C51F21496D914CF6E5DDD1 -- C:\WINDOWS\system32\ws2_32.dll
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/06/20 13:49:25 | 000,147,968 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/14 03:51:50 | 000,378,880 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 03:51:52 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll
[2010/03/10 00:43:10 | 001,510,400 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shdocvw.dll
[2008/06/17 15:02:56 | 015,063,040 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2009/12/19 15:10:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/19 15:10:51 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/19 15:10:51 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2008/06/20 13:49:25 | 000,147,968 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/14 03:51:50 | 000,378,880 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 03:51:52 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll
[2010/03/10 00:43:10 | 001,510,400 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shdocvw.dll
[2008/06/17 15:02:56 | 015,063,040 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >[/color]
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON
< End of report >
 
[color=#A23BEC]< MD5 for: [2001/10/24 06:44:12 | 000,035,840 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2001/10/24 06:44:12 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\isapnp.sys
 
[color=#A23BEC]< MD5 for: [2001/10/25 09:00:00 | 000,035,840 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2001/10/25 09:00:00 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\isapnp.sys
 
[color=#A23BEC]< MD5 for: [2004/08/03 15:59:14 | 000,134,400 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/03 15:59:14 | 000,134,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\hal.dll
 
[color=#A23BEC]< MD5 for: [2004/08/03 16:14:30 | 000,182,912 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/03 16:14:30 | 000,182,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\ndis.sys
 
[color=#A23BEC]< MD5 for: [2004/08/03 16:14:42 | 000,359,040 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/03 16:14:42 | 000,359,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2004/08/03 17:59:44 | 000,095,360 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/03 17:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:04 | 000,060,416 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:04 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\cryptsvc.dll
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:08 | 000,055,808 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:08 | 000,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:14 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:14 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:18 | 000,184,832 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:18 | 000,184,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:22 | 000,082,944 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:22 | 000,082,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\ws2_32.dll
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:24 | 000,013,312 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:24 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\lsass.exe
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:24 | 001,032,704 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:24 | 001,032,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:28 | 000,014,336 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:28 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:28 | 000,024,576 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:28 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:28 | 000,050,688 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:28 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\smss.exe
 
[color=#A23BEC]< MD5 for: [2004/08/17 08:49:28 | 000,502,272 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2004/08/17 08:49:28 | 000,502,272 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
 
[color=#A23BEC]< MD5 for: [2008/04/13 18:10:32 | 000,096,512 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\atapi.sys
[2008/04/13 18:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\atapi.sys
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:01:30 | 000,134,400 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:01:30 | 000,134,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\HAL.DLL
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:01:34 | 000,105,344 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:01:34 | 000,105,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\hal.dll
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:06:40 | 000,042,368 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 19:06:40 | 000,042,368 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\agp440.sys
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:10:32 | 000,096,512 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:10:32 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:11:00 | 000,008,192 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:11:00 | 000,008,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\changer.sys
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:50:18 | 000,361,344 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$NtUninstallKB951748$\tcpip.sys
[2008/04/13 19:50:18 | 000,361,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2008/04/13 19:50:38 | 000,182,656 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/13 19:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\ndis.sys
[2008/04/13 19:50:38 | 000,182,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\ndis.sys
 
[color=#A23BEC]< MD5 for: [2008/04/14 01:57:54 | 000,037,248 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 01:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\isapnp.sys
[2008/04/14 01:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\isapnp.sys
 
[color=#A23BEC]< MD5 for: [2008/04/14 02:57:54 | 000,037,248 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 02:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\isapnp.sys
[2008/04/14 02:57:54 | 000,037,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ReinstallBackups\0019\DriverFiles\i386\isapnp.sys
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:51:40 | 000,062,464 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\cryptsvc.dll
[2008/04/14 03:51:40 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cryptsvc.dll
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:51:42 | 000,056,320 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 03:51:42 | 000,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\eventlog.dll
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:51:52 | 000,407,040 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 03:51:52 | 000,407,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netlogon.dll
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:51:56 | 000,185,856 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 03:51:56 | 000,185,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:08 | 000,082,432 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\ws2_32.dll
[2008/04/14 03:52:08 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ws2_32.dll
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:24 | 001,034,240 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:24 | 001,034,240 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\explorer.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:24 | 001,541,120 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:24 | 001,541,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
[2008/04/14 03:52:24 | 001,541,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:30 | 000,013,312 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\lsass.exe
[2008/04/14 03:52:30 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\lsass.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:48 | 000,050,688 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\smss.exe
[2008/04/14 03:52:48 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\smss.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:50 | 000,014,336 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/14 03:52:50 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\svchost.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:52 | 000,026,112 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/14 03:52:52 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\userinit.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:54 | 000,507,904 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:54 | 000,507,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\NiwradSoft Shell Pack\Backup\winlogon.exe
 
[color=#A23BEC]< MD5 for: [2008/04/14 03:52:54 | 000,547,328 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/04/14 03:52:54 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/14 03:52:54 | 000,547,328 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winlogon.exe
 
[color=#A23BEC]< MD5 for: [2008/06/20 07:51:12 | 000,361,600 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dllcache\tcpip.sys
[2008/06/20 07:51:12 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2008/06/20 07:59:02 | 000,361,600 | ---- | M] (MICROSOFT CORPORATION)  >[/color]
[2008/06/20 07:59:02 | 000,361,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\$hf_mig$\KB951748\SP3QFE\tcpip.sys
 
[color=#A23BEC]< MD5 for: [2009/12/19 09:42:37 | 000,330,264 | ---- | M] (INTEL CORPORATION)  >[/color]
[2009/12/19 09:42:37 | 000,330,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\NLDRV\001\iastor.sys
[2009/12/19 09:42:37 | 000,330,264 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\iaStor.sys

[color=#A23BEC]< MD5 for: AGP440.SYS  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
 
[color=#A23BEC]< MD5 for: ATAPI.SYS  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
 
[color=#A23BEC]< MD5 for: CHANGER.SYS  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:Changer.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:Changer.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:Changer.sys
 
[color=#A23BEC]< MD5 for: HAL.DLL  >[/color]
[2004/08/17 08:57:28 | 018,786,869 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:hal.dll
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:hal.dll
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:hal.dll
 
[color=#A23BEC]< MD5 for: ISAPNP.SYS  >[/color]
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:isapnp.sys
[2008/04/14 04:10:02 | 020,102,206 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:isapnp.sys
 
[color=#A23BEC]< %systemroot%\*. /mp /s >[/color]
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2006/10/18 16:47:08 | 000,311,808 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\Audiodev.dll
[2010/03/10 00:43:04 | 001,025,024 | ---- | M] (Společnost Microsoft)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\browseui.dll
[2008/04/14 03:51:40 | 000,336,384 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\cscdll.dll
[2008/04/14 03:51:40 | 006,630,912 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\cscui.dll
[2008/04/14 03:51:40 | 000,025,600 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\davclnt.dll
[2008/06/20 13:49:25 | 000,147,968 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/14 03:51:40 | 000,014,336 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\drprov.dll
[2008/04/14 03:51:50 | 000,378,880 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 03:51:52 | 000,011,776 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\netrap.dll
[2008/04/14 03:51:52 | 000,080,384 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\netui0.dll
[2008/04/14 03:51:52 | 000,245,760 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\netui1.dll
[2008/04/14 03:51:52 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll
[2008/04/14 03:51:52 | 000,044,032 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntlanman.dll
[2006/10/18 16:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\PortableDeviceApi.dll
[2008/04/14 03:51:56 | 000,064,000 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\samlib.dll
[2009/06/25 04:27:37 | 000,056,832 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\secur32.dll
[2010/03/10 00:43:10 | 001,510,400 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shdocvw.dll
[2008/06/17 15:02:56 | 015,063,040 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll
[2008/04/14 03:51:56 | 000,068,096 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shgina.dll
[2010/02/26 01:43:59 | 000,627,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\urlmon.dll
[2007/10/25 04:28:30 | 000,222,720 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\wmasf.dll
[2009/05/19 23:56:52 | 002,458,112 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\WMVCore.dll
[2006/10/18 16:47:22 | 002,605,056 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\WpdShext.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< %systemroot%\Tasks\*.job /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\system32\drivers\*.sys /lockedfiles >[/color]
 
[color=#A23BEC]< %systemroot%\System32\config\*.sav >[/color]
[2009/12/19 15:10:51 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/12/19 15:10:51 | 000,663,552 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/12/19 15:10:51 | 000,479,232 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
 
[color=#A23BEC]< %systemroot%\system32\*.dll /lockedfiles >[/color]
[2006/10/18 16:47:08 | 000,311,808 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\Audiodev.dll
[2010/03/10 00:43:04 | 001,025,024 | ---- | M] (Společnost Microsoft)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\browseui.dll
[2008/04/14 03:51:40 | 000,336,384 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\cscdll.dll
[2008/04/14 03:51:40 | 006,630,912 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\cscui.dll
[2008/04/14 03:51:40 | 000,025,600 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\davclnt.dll
[2008/06/20 13:49:25 | 000,147,968 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\dnsapi.dll
[2008/04/14 03:51:40 | 000,014,336 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\drprov.dll
[2008/04/14 03:51:50 | 000,378,880 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\mstask.dll
[2008/04/14 03:51:52 | 000,011,776 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\netrap.dll
[2008/04/14 03:51:52 | 000,080,384 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\netui0.dll
[2008/04/14 03:51:52 | 000,245,760 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\netui1.dll
[2008/04/14 03:51:52 | 000,067,072 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntdsapi.dll
[2008/04/14 03:51:52 | 000,044,032 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\ntlanman.dll
[2006/10/18 16:47:18 | 000,284,160 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\PortableDeviceApi.dll
[2008/04/14 03:51:56 | 000,064,000 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\samlib.dll
[2009/06/25 04:27:37 | 000,056,832 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\secur32.dll
[2010/03/10 00:43:10 | 001,510,400 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shdocvw.dll
[2008/06/17 15:02:56 | 015,063,040 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shell32.dll
[2008/04/14 03:51:56 | 000,068,096 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\shgina.dll
[2010/02/26 01:43:59 | 000,627,200 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\urlmon.dll
[2007/10/25 04:28:30 | 000,222,720 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\wmasf.dll
[2009/05/19 23:56:52 | 002,458,112 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\WMVCore.dll
[2006/10/18 16:47:22 | 002,605,056 | ---- | M] (Microsoft Corporation)[b] Unable to obtain MD5[/b] -- C:\WINDOWS\system32\WpdShext.dll
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
 
[color=#A23BEC]< reg query "HKLM\Software\Microsoft\Windows NT\CurrentVersion\winlogon" /v GinaDLL /c >[/color]
! REG.EXE VERSION 3.0
HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON

< End of report >

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 17:46
od Spo.On
tak jsem taky trochu googlil a nakonec sem na youtube našel návod jak ho odstranit.... opravdu nevím odkud se mi dostal do PC, ale jsem rád že se to vyřešilo... už funguje normálně :)
Děkuji Vám za vaši ochotu a čas... pro příště už sem poučen...

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 18:37
od Spo.On
Mohl bych potom poprosit o zkontrolování sestřinýho PC prý ho má strašně pomalý...
tak tady je ten log z CF:
ComboFix 10-04-09.06 - Administrator 10.04.2010 19:21:33.2.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1513 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
AV: AVG Anti-Virus Free *On-access scanning enabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 21:45 . 2010-04-10 21:45 -------- d-----w- C:\_OTL
2010-04-04 15:07 . 2010-04-04 15:07 -------- d-----w- c:\program files\Faronics
2010-04-04 09:20 . 2005-01-26 17:19 97 ----a-w- c:\windows\system32\drivers\a.bat
2010-04-04 09:20 . 2004-10-07 04:59 102912 ----a-r- c:\windows\system32\Ntport.dll
2010-04-04 09:20 . 2003-10-22 18:04 46080 ----a-r- c:\windows\system32\itevio.dll
2010-04-04 09:20 . 2001-01-22 12:23 6080 ----a-w- c:\windows\system32\drivers\zntport.sys
2010-04-04 09:20 . 2000-07-16 06:00 118784 ----a-r- c:\windows\system32\Msstdfmt.dll
2010-04-04 09:20 . 2010-04-04 09:20 -------- d-----w- c:\windows\SysWow64
2010-04-04 08:53 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-04 08:53 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-04 08:53 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-04 08:53 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-04 08:38 . 2010-04-04 08:59 -------- d-----w- c:\program files\METRO 2033
2010-04-04 07:30 . 2010-04-04 07:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-03 15:45 . 2010-04-03 15:45 -------- d-----w- c:\program files\Sophos
2010-04-03 07:17 . 2010-04-04 07:28 -------- d-----w- c:\program files\Steam
2010-04-02 20:12 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
2010-04-02 20:07 . 2010-04-02 20:15 -------- d-----w- c:\windows\NV3676340.TMP
2010-04-02 19:43 . 2008-04-14 06:52 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-04-02 19:43 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-04-02 19:43 . 2008-04-14 06:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-04-02 19:43 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-04-02 19:43 . 2008-04-14 06:51 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-04-02 19:43 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-04-02 19:43 . 2008-04-13 22:24 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-04-02 19:43 . 2008-04-13 22:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2010-04-02 19:43 . 2001-08-17 19:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-04-02 19:43 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-04-02 19:42 . 2001-08-17 19:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-04-02 19:42 . 2001-08-17 19:51 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2010-03-28 08:21 . 2010-03-28 08:21 -------- d-----w- C:\RAR
2010-03-16 01:37 . 2008-08-02 04:20 86016 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 01:37 . 2008-08-02 04:20 229376 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-16 01:37 . 2008-08-02 04:20 163908 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 01:37 . 2008-08-02 04:20 143360 ----a-w- c:\windows\system32\nvcolor.exe
2010-03-16 01:37 . 2008-08-02 04:20 13570048 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 01:37 . 2008-08-02 04:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-15 18:56 . 2010-03-17 20:59 -------- d-----w- c:\program files\BRS
2010-03-15 18:51 . 2010-03-15 18:51 -------- d-----w- c:\program files\Codemasters
2010-03-12 13:32 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-12 13:32 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-12 13:32 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-12 13:32 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-12 13:32 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-11 19:39 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 17:13 . 2009-12-19 18:28 17488 ----a-w- c:\windows\gdrv.sys
2010-04-04 09:20 . 2009-12-19 18:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-04 08:55 . 2009-12-20 13:39 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-04 08:55 . 2009-12-20 14:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-04 07:18 . 2001-10-25 13:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-04-04 07:18 . 2001-10-25 13:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-04-02 20:12 . 2009-12-19 18:34 -------- d-----w- c:\program files\Realtek
2010-04-02 20:04 . 2010-01-24 11:30 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-02 07:20 . 2009-12-19 18:55 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-03-29 16:48 . 2009-12-19 20:07 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-29 16:47 . 2009-12-19 20:07 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-20 19:00 . 2009-12-22 20:24 17488 ----a-w- c:\windows\etdrv.sys
2010-03-16 06:51 . 2009-12-20 13:59 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-03-12 14:25 . 2009-12-20 09:46 -------- d-----w- c:\program files\Electronic Arts
2010-02-26 05:43 . 2004-08-17 12:49 668160 ----a-w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-17 12:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-23 20:26 . 2009-12-19 20:07 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-21 09:06 . 2010-02-21 09:06 -------- d-----w- c:\program files\Paint.NET
2010-02-16 14:34 . 2010-02-16 14:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-16 14:31 . 2010-02-16 14:31 -------- d-----w- c:\program files\LG Soft India
2010-02-16 14:31 . 2009-12-19 18:29 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-13 10:56 . 2010-02-12 19:10 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-02-13 05:59 . 2010-02-13 05:47 -------- d-----w- c:\program files\FlatOut2
2010-02-12 20:09 . 2010-02-12 17:46 533 ----a-w- c:\windows\eReg.dat
2010-02-12 20:03 . 2010-01-24 15:00 -------- d-----w- c:\program files\EA Games
2010-02-12 19:13 . 2010-01-08 12:23 -------- d-----w- c:\program files\Valve
2010-02-12 18:23 . 2010-02-12 18:23 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-11 22:19 . 2010-02-11 21:36 -------- d-----w- c:\program files\Dassault Systemes
2010-02-11 16:05 . 2010-02-11 16:05 -------- d-----w- c:\program files\GIMP-2.0
2010-02-11 13:19 . 2010-02-11 13:19 -------- d-----w- c:\program files\Foxit Software
2010-02-11 13:16 . 2010-02-11 13:16 -------- d-----w- c:\program files\GameTop.com
2010-02-10 11:43 . 2004-08-17 12:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-10 11:37 . 2010-02-10 11:05 -------- d-----w- c:\program files\TrueTransparency
2010-01-25 17:51 . 2010-01-25 17:51 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-25 17:51 . 2010-01-25 17:51 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-01-25 17:51 . 2010-01-25 17:51 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-24 01:54 . 2010-01-24 01:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.

------- Sigcheck -------

[7] 2008-04-14 . CDDB1F8E1AEA356F3AD106F2CF9B7FEA . 507904 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\winlogon.exe
[-] 2008-04-14 . 471341D353962A35DA3C6324D59D09C4 . 547328 . . [5.1.2600.5512] . . c:\windows\system32\winlogon.exe
[7] 2004-08-17 . 221C29AE1B4CC61D11D8B27DE78B2307 . 502272 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\winlogon.exe

[7] 2008-04-14 . 4F993463DC5F3F80D77A3D34D7BFBFED . 617472 . . [5.82] . . c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\ServicePackFiles\i386\comctl32.dll
[-] 2008-04-14 . 330F30CB175655313A93AF27C7366550 . 643072 . . [5.82] . . c:\windows\system32\comctl32.dll
[7] 2004-08-17 . 876C658C44F2BF4AF050E5534A9F066F . 611328 . . [5.82] . . c:\windows\$NtServicePackUninstall$\comctl32.dll

[7] 2008-04-14 . E16E0990967374E76F3E40CACAFD3D53 . 578560 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\user32.dll
[-] 2008-04-14 . CCB32D10C69A89822E9134C0C4894BE1 . 578560 . . [5.1.2600.5512] . . c:\windows\system32\user32.dll
[7] 2004-08-17 . 1B4CCC59980DA34E75F20E42B283B027 . 577024 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\user32.dll

[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\explorer.exe
[7] 2008-04-14 . 27AFD587C462E280EE046B8CCA3C2CD1 . 1034240 . . [6.00.2900.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe
[-] 2008-04-14 . D63C59BB0CA2F83B62D003FD52863090 . 1541120 . . [6.00.2900.5512] . . c:\windows\ServicePackFiles\i386\explorer.exe
[7] 2004-08-17 . 53114D57AB73A406AC7F602227781A99 . 1032704 . . [6.00.2900.2180] . . c:\windows\$NtServicePackUninstall$\explorer.exe

[7] 2008-04-14 . A756B8F0F7BAFBA6DFE39F7D169F2519 . 15360 . . [5.1.2600.5512] . . c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\ServicePackFiles\i386\ctfmon.exe
[-] 2008-04-14 . 0415E09C0BCCBF8B5CD5A05889EFB962 . 40448 . . [5.1.2600.5512] . . c:\windows\system32\ctfmon.exe
[7] 2004-08-17 . A5BAA91475167161DEA02BA3C4CA4F59 . 15360 . . [5.1.2600.2180] . . c:\windows\$NtServicePackUninstall$\ctfmon.exe
.
(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2010-01-24 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"="m‘|\ü" [X]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"nwiz"="nwiz.exe" [2008-08-02 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-04 149280]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 40448]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GIGABYTE Gamer HUD.lnk - c:\program files\GIGABYTE\Gamer HUD\HUD.exe [2008-6-26 1940992]
MemSet.exe.lnk - c:\windows\MemSave\MemSet.exe [2010-2-26 949248]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2010-2-16 1687552]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2007-12-31 23:17 12464 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\GIGABYTE\\ET6\\UpdExe.exe"=
"c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\GIGABYTE\\ET6\\GBTUpd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgnsx.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgemc.exe"=
"c:\\Program Files\\AVG\\AVG9\\avgupd.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\EA Games\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [30.1.2010 17:24 216200]
R1 AvgTdiX;AVG Free Network Redirector;c:\windows\system32\drivers\avgtdix.sys [30.1.2010 17:24 242696]
R2 avg9emc;AVG Free E-mail Scanner;c:\program files\AVG\AVG9\avgemc.exe [1.1.2008 1:17 916760]
R2 avg9wd;AVG Free WatchDog;c:\program files\AVG\AVG9\avgwdsvc.exe [1.1.2008 1:17 308064]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [19.12.2009 20:30 80392]
S2 gupdate1ca9471cce7c6bc;Služba Google Update (gupdate1ca9471cce7c6bc);c:\program files\Google\Update\GoogleUpdate.exe [13.1.2010 18:59 133104]
S3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [23.2.2009 1:16 7168]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [22.12.2009 22:24 17488]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [26.12.2009 12:17 26736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [25.1.2010 19:51 13224]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [19.12.2009 20:55 24944]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [16.2.2010 16:31 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [16.2.2010 16:31 18432]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 16:59]

2010-04-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 16:59]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://hawxgame.com/demo
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\devn4wnd.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - component: c:\program files\AVG\AVG9\Firefox\components\avgssff.dll
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.
- - - - NEPLATNÉ POLOŽKY ODSTRANĚNÉ Z REGISTRU - - - -

HKCU-Run-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
HKCU-Run-ICQ - c:\program files\ICQ6.5\ICQ.exe
HKLM-Run-DrvIcon - c:\program files\Vista Drive Icon\DrvIcon.exe
HKLM-Run-SmartGuardian - c:\program files\ITE\Smart Guardian\ITESMART.exe
AddRemove-NVIDIA Display Control Panel - c:\program files\NVIDIA Corporation\Uninstall\nvuninst.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 19:25
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:0f,91,3b,21,bc,19,be,c9,dd,31,9c,4c,6d,8d,7d,8b,8b,c5,bc,97,9a,
c8,f3,23,47,b3,f7,ce,f4,56,3f,96,a9,a7,7a,ad,df,35,21,1c,59,f4,94,46,59,e8,\
"rkeysecu"=hex:b1,b2,47,6c,3f,2f,97,6a,be,87,4d,49,5c,40,ab,d7
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(800)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(856)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(2844)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
Celkový čas: 2010-04-10 19:27:16
ComboFix-quarantined-files.txt 2010-04-10 17:27

Před spuštěním: Volných bajtů: 196 500 160 512
Po spuštění: Volných bajtů: 196 470 894 592

- - End Of File - - 74572818D04346B9F3F10AE6338EDA7A

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 18:45
od motji
Určitě můžete :)

:arrow: Dejte soubor otestovat na http://www.virustotal.com


c:\windows\etdrv.sys
c:\windows\system32\ctfmon.exe
c:\windows\explorer.exe
c:\windows\system32\user32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\winlogon.exe
c:\windows\system32\drivers\zntport.sys

-Na virustotalu dáte procházet, a do spodního okénka nakopírujete přímo cestu k souboru a dáte odeslat
-z prohlížeče zkopírujete adresu ke stránce s výsledky
-pokud se Vás zeptá, dejte soubor otestovat znovu, tak aby to byl soubor z Vašeho počítače

Ten soubor, co předtím otestovat nešel, máte ještě v počítači?

Budu tu zas až kolem 10 hodiny večer, dočistíme to a poku dnebudou problémy, hotovo :)

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 19:06
od Spo.On
Všechny jsou čisté.... a tamten soubor už není k nalezení...

tady je log z druhého PC: (nejspíše to bude pěkná sbírka)


Logfile of random's system information tool 1.06 (written by random/random)
Run by Petr at 2010-04-10 18:51:04
Microsoft Windows XP Home Edition Service Pack 3
System drive C: has 289 MB (2%) free of 15 GB
Total RAM: 511 MB (15% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 18:51:39, on 10.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\Program Files\AVG\AVG8\avgcsrvx.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\CTHELPER.EXE
C:\WINDOWS\system32\atiptaxx.exe
C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
D:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\PROGRA~1\AVG\AVG8\avgnsx.exe
C:\Documents and Settings\Petr.KADLECOVI\Dokumenty\Stažené soubory\RSIT.exe
C:\Program Files\trend micro\Petr.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.crawler.com/search/ie.aspx?tb_id=60341
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = http://dnl.crawler.com/support/sa_custo ... TbId=60341
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://www.wmrecorderpro.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: QIPBHO Class - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
R3 - URLSearchHook: (no name) - *{95289393-33EA-4F8D-B952-483415B9C955} - (no file)
R3 - URLSearchHook: (no name) - *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - (no file)
R3 - URLSearchHook: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: NP Helper Class - {35B8D58C-B0CB-46b0-BA64-05B3804E4E86} - C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll (file missing)
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: QIPBHO - {95289393-33EA-4F8D-B952-483415B9C955} - C:\Documents and Settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll
O2 - BHO: AVG Security Toolbar BHO - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O2 - BHO: System Search Dispatcher - {CDBFB47B-58A8-4111-BF95-06178DCE326D} - C:\Program Files\System Search Dispatcher\1.3.3.840\ssd.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: AVG Security Toolbar - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll
O3 - Toolbar: GamingHarbor Toolbar - {5617ECA9-488D-4BA2-8562-9710B9AB78D2} - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stb0.dll (file missing)
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKLM\..\Run: [WINDVDPatch] CTHELPER.EXE
O4 - HKLM\..\Run: [UpdReg] C:\WINDOWS\UpdReg.EXE
O4 - HKLM\..\Run: [Jet Detection] "C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe"
O4 - HKLM\..\Run: [CTStartup] C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE /run
O4 - HKLM\..\Run: [AtiPTA] atiptaxx.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" /background
O4 - HKCU\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe" /systray /nologon
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe
O8 - Extra context menu item: E&xportovat do aplikace Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: Odeslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Od&eslat do aplikace OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - D:\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra 'Tools' menuitem: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - D:\Program Files\ICQ6.5\ICQ.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: Sony Ericsson OMSI download service (OMSI download service) - Unknown owner - C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe

--
End of file - 8528 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\AppleSoftwareUpdate.job
C:\WINDOWS\tasks\ParetoLogic Registration.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}]
Adobe PDF Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2009-12-21 75200]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{35B8D58C-B0CB-46b0-BA64-05B3804E4E86}]
NP Helper Class - C:\Program Files\Internet Saving Optimizer\3.6.0.4470\NPIEAddOn.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG8\avgssie.dll [2009-12-12 1111320]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95289393-33EA-4F8D-B952-483415B9C955}]
QIPBHO Class - C:\Documents and Settings\Martin\Data aplikací\Microsoft\Internet Explorer\qipsearchbar.dll [2009-01-19 131072]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A3BC75A2-1F87-4686-AA43-5347D756017C}]
AVG Security Toolbar BHO - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{CDBFB47B-58A8-4111-BF95-06178DCE326D}]
System Search Dispatcher - C:\Program Files\System Search Dispatcher\1.3.3.840\ssd.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2009-10-11 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2009-10-11 73728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
{CCC7A320-B3CA-4199-B1A6-9F516DD69829} - AVG Security Toolbar - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll [2009-11-25 1230080]
{5617ECA9-488D-4BA2-8562-9710B9AB78D2} - GamingHarbor Toolbar - C:\Program Files\DoubleD\GamingHarbor Toolbar\4.2.0.21210\stb0.dll []

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG8_TRAY"=C:\PROGRA~1\AVG\AVG8\avgtray.exe [2010-03-20 2046816]
"WINDVDPatch"=C:\WINDOWS\system32\CTHELPER.EXE [2002-07-02 24576]
"UpdReg"=C:\WINDOWS\UpdReg.EXE [2000-05-11 90112]
"Jet Detection"=C:\Program Files\Creative\SBLive\PROGRAM\ADGJDet.exe [2001-11-29 28672]
"CTStartup"=C:\Program Files\Creative\Splash Screen\CTEaxSpl.EXE [2001-12-20 28672]
"AtiPTA"=C:\WINDOWS\system32\atiptaxx.exe [2002-07-25 290816]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2009-01-05 413696]
"NeroFilterCheck"=C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe [2006-01-12 155648]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe [2009-12-22 35760]
"Adobe ARM"=C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2009-12-11 948672]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-27 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-18 767312]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2009-10-11 149280]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"=C:\WINDOWS\system32\ctfmon.exe [2008-04-14 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"=C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe [2006-12-23 143360]
"msnmsgr"=C:\Program Files\Windows Live\Messenger\msnmsgr.exe /background []
"Sony Ericsson PC Suite"=C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SEPCSuite.exe /systray /nologon []

C:\Documents and Settings\Petr.KADLECOVI\Nabídka Start\Programy\Po spuštění
OpenOffice.org 3.0.lnk - C:\Program Files\OpenOffice.org 3\program\quickstart.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\AtiExtEvent]
C:\WINDOWS\system32\Ati2evxx.dll [2006-05-03 61440]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\avgrsstarter]
C:\WINDOWS\system32\avgrsstx.dll [2009-08-22 11952]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-08-24 133120]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\UploadMgr]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=145

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe"="C:\Program Files\Spyware Terminator\SpywareTerminatorUpdate.exe:*:Enabled:Crawler Spyware Terminator"
"C:\Program Files\AVG\AVG8\avgemc.exe"="C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe"
"C:\Program Files\AVG\AVG8\avgupd.exe"="C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe"
"C:\Program Files\AVG\AVG8\avgnsx.exe"="C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe"
"D:\Program Files\ICQ6\ICQ.exe"="D:\Program Files\ICQ6\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\Garena\Garena.exe"="D:\Program Files\Garena\Garena.exe:*:Enabled:Garena"
"D:\Valve\hl.exe"="D:\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"D:\Program Files\Mozilla Firefox\firefox.exe"="D:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox"
"D:\Program Files\ICQ6.5\ICQ.exe"="D:\Program Files\ICQ6.5\ICQ.exe:*:Enabled:ICQ6"
"D:\Program Files\VideoLAN\VLC\vlc.exe"="D:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"D:\Office12\ONENOTE.EXE"="D:\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote"
"D:\Program Files\TmNationsForever\TmForever.exe"="D:\Program Files\TmNationsForever\TmForever.exe:*:Enabled:TmForever"
"F:\EasySetupAssistant\EasySetupAssistant.exe"="F:\EasySetupAssistant\EasySetupAssistant.exe:*:Enabled:TP-LINK Easy Setup Assistant"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6c785237-c93a-11dd-b529-000c76926c0e}]
shell\AutoRun\command - RECYCLER\usbv.exe
shell\open\command - RECYCLER\usbv.exe


======List of files/folders created in the last 1 months======

2010-04-10 18:51:09 ----D---- C:\Program Files\trend micro
2010-04-10 18:51:04 ----D---- C:\rsit
2010-04-05 09:45:45 ----D---- C:\Documents and Settings\Petr.KADLECOVI\Data aplikací\InfoTurist
2010-04-05 09:45:25 ----D---- C:\Program Files\Common Files\SWF Studio
2010-03-31 03:01:32 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$

======List of files/folders modified in the last 1 months======

2010-04-10 18:51:11 ----D---- C:\WINDOWS\Prefetch
2010-04-10 18:51:09 ----RD---- C:\Program Files
2010-04-10 16:12:19 ----D---- C:\WINDOWS\Temp
2010-04-10 16:07:54 ----A---- C:\WINDOWS\{00000000-00000000-00000008-00001102-00000002-80651102}.BAK
2010-04-09 21:31:59 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-09 14:55:28 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJPLM
2010-04-06 19:18:26 ----D---- C:\Documents and Settings\All Users\Data aplikací\CanonIJ
2010-04-05 09:59:19 ----A---- C:\WINDOWS\win.ini
2010-04-05 09:45:25 ----D---- C:\Program Files\Common Files
2010-04-01 12:34:10 ----D---- C:\WINDOWS
2010-03-31 03:06:49 ----D---- C:\WINDOWS\system32
2010-03-31 03:02:09 ----HD---- C:\WINDOWS\inf
2010-03-31 03:01:48 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-03-31 03:00:59 ----D---- C:\WINDOWS\system32\CatRoot2
2010-03-30 19:55:40 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-28 10:02:34 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-26 15:40:15 ----D---- C:\Program Files\Windows Media Player
2010-03-20 21:04:10 ----A---- C:\WINDOWS\NeroDigital.ini
2010-03-17 14:39:46 ----HD---- C:\$AVG8.VAULT$

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 AvgLdx86;AVG Free AVI Loader Driver x86; C:\WINDOWS\System32\Drivers\avgldx86.sys [2009-08-22 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86; C:\WINDOWS\System32\Drivers\avgmfx86.sys [2009-08-22 27784]
R1 AvgTdiX;AVG Free8 Network Redirector; C:\WINDOWS\System32\Drivers\avgtdix.sys [2009-07-06 108552]
R3 ati2mtag;ati2mtag; C:\WINDOWS\System32\DRIVERS\ati2mtag.sys [2006-05-03 1540608]
R3 ctac32k;Creative AC3 Software Decoder; C:\WINDOWS\System32\drivers\ctac32k.sys [2002-07-19 127948]
R3 ctaud2k;Creative Audio Driver (WDM); C:\WINDOWS\system32\drivers\ctaud2k.sys [2002-07-19 837548]
R3 ctprxy2k;Creative Proxy Driver; C:\WINDOWS\System32\drivers\ctprxy2k.sys [2002-07-19 11068]
R3 ctsfm2k;Creative SoundFont Management Device Driver; C:\WINDOWS\System32\drivers\ctsfm2k.sys [2002-07-19 213860]
R3 emupia;E-mu Plug-in Architecture Driver; C:\WINDOWS\System32\drivers\emupia2k.sys [2002-07-19 156604]
R3 ha10kx2k;Creative Hardware Abstract Layer Driver; C:\WINDOWS\system32\drivers\ha10kx2k.sys [2002-07-24 998004]
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver; C:\WINDOWS\system32\drivers\msmpu401.sys [2001-08-18 2944]
R3 ossrv;Creative OS Services Driver; C:\WINDOWS\system32\drivers\ctoss2k.sys [2002-07-19 195432]
R3 seehcri;Sony Ericsson seehcri Device Driver; C:\WINDOWS\system32\DRIVERS\seehcri.sys [2008-01-09 27632]
R3 SISNIC;SiS PCI Fast Ethernet Adapter Driver; C:\WINDOWS\System32\DRIVERS\sisnic.sys [2004-08-03 32768]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\System32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 usbohci;Ovladač Miniport otevřeného hostitelského řadiče Microsoft USB; C:\WINDOWS\System32\DRIVERS\usbohci.sys [2008-04-14 17152]
S3 ctljystk;Game port pro zařízení Creative SB Live!; C:\WINDOWS\System32\DRIVERS\ctljystk.sys [2001-08-17 3712]
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.SYS []
S3 GarenaPEngine;GarenaPEngine; \??\C:\DOCUME~1\Martin\LOCALS~1\Temp\OSV1E.tmp []
S3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
S3 hidusb;Ovladač třídy standardu HID; C:\WINDOWS\System32\DRIVERS\hidusb.sys [2008-04-14 10368]
S3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\System32\DRIVERS\mouhid.sys [2001-10-25 12160]
S3 nv;nv; C:\WINDOWS\System32\DRIVERS\nv4_mini.sys [2004-08-03 1897408]
S3 s0017bus;Sony Ericsson Device 0017 driver (WDM); C:\WINDOWS\system32\DRIVERS\s0017bus.sys [2008-05-27 90536]
S3 s0017mdfl;Sony Ericsson Device 0017 USB WMC Modem Filter; C:\WINDOWS\system32\DRIVERS\s0017mdfl.sys [2008-05-27 15016]
S3 s0017mdm;Sony Ericsson Device 0017 USB WMC Modem Driver; C:\WINDOWS\system32\DRIVERS\s0017mdm.sys [2008-05-27 122152]
S3 s0017mgmt;Sony Ericsson Device 0017 USB WMC Device Management Drivers (WDM); C:\WINDOWS\system32\DRIVERS\s0017mgmt.sys [2008-05-27 115496]
S3 s0017nd5;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (NDIS); C:\WINDOWS\system32\DRIVERS\s0017nd5.sys [2008-05-27 25768]
S3 s0017obex;Sony Ericsson Device 0017 USB WMC OBEX Interface; C:\WINDOWS\system32\DRIVERS\s0017obex.sys [2008-05-27 111912]
S3 s0017unic;Sony Ericsson Device 0017 USB Ethernet Emulation SEMC0017 (WDM); C:\WINDOWS\system32\DRIVERS\s0017unic.sys [2008-05-27 117672]
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Ati HotKey Poller;Ati HotKey Poller; C:\WINDOWS\system32\Ati2evxx.exe [2006-05-03 413696]
R2 avg8emc;AVG Free8 E-mail Scanner; C:\PROGRA~1\AVG\AVG8\avgemc.exe [2009-08-22 908056]
R2 avg8wd;AVG Free8 WatchDog; C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2009-08-22 297752]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2009-10-11 153376]
R2 OMSI download service;Sony Ericsson OMSI download service; C:\Program Files\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe [2009-04-30 90112]
R3 NMIndexingService;NMIndexingService; C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe [2006-12-23 262144]
S2 ATI Smart;ATI Smart; C:\WINDOWS\system32\ati2sgag.exe [2006-05-03 520192]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 odserv;Microsoft Office Diagnostics Service; C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE [2006-10-26 441136]
S3 ose;Office Source Engine; C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2006-10-26 145184]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 19:42
od motji
Když dovolíte, nejdřív dokončíme ten první, at se to neplete :) .

:arrow: Pokud nemáte, přesuňte Combofix na plochu
-otevřete si Poznámkový blok
-Do něj zkopírujte text z tohoto okénka

Kód: Vybrat vše

Folder::
c:\program files\Faronics
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GEST"=-
Restore::
c:\windows\system32\ctfmon.exe
c:\windows\explorer.exe
c:\windows\system32\user32.dll
c:\windows\system32\comctl32.dll
c:\windows\system32\winlogon.exe
-uložte Vámi vytvořený TXT soubor jako CFScript.txt na plochu
-po uložení uchopte vámi vytvořený skript levým myšítkem a -přesuňte ho nad ikonu Combofixu, kde ho upustíte:

Obrázek


-po aplikaci na Vás vypadne další log,vložte ho sem

Upozornění : může se stát, že po aplikaci skriptu a restartu Windows nenaběhnou, v tom případě znovu restartujte a přitom mačkejte F8, pak zvolte Poslední známou funkční konfiguraci


--------------------
:arrow: tuto stránku znáte?
uInternet Connection Wizard,ShellNext = hxxp://hawxgame.com/demo

---------------------

:arrow: Zapojte do pc všechny usb klíče, flashky...co používáte


:arrow: Stáhněte na plochu UsbFix
-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 2 - enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt


------------------------

:arrow: vložte nový log ze Rsitu :) . Pokud bude vše v pořádku, už jen uklidím po použitých programech :)

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 20:22
od Spo.On
samozřejmě jen jsem myslel že už je konec... :-D
ta stránka je pozůstatek po jednom benchmarku..

ComboFix 10-04-09.06 - Administrator 10.04.2010 20:48:27.3.2 - x86
Systém Microsoft Windows XP Professional 5.1.2600.3.1250.420.1029.18.2046.1364 [GMT 2:00]
Spuštěný z: c:\documents and settings\Administrator\Plocha\ComboFix.exe
Použité ovládací přepínače :: c:\documents and settings\Administrator\Plocha\CFScript.txt.txt
AV: ESET NOD32 Antivirus 4.2 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.

((((((((((((((((((((((((((((((((((((((( Ostatní výmazy )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Faronics

Nakažená kopie c:\windows\explorer.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\explorer.exe

Nakažená kopie c:\windows\system32\comctl32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\comctl32.dll

Nakažená kopie c:\windows\system32\ctfmon.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\ctfmon.exe

Nakažená kopie c:\windows\system32\user32.dll byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\user32.dll

Nakažená kopie c:\windows\system32\winlogon.exe byla nalezena a vyléčena.
Obnovena kopie z - c:\windows\NiwradSoft Shell Pack\Backup\winlogon.exe

.
((((((((((((((((((((((((( Soubory vytvořené od 2010-03-10 do 2010-04-10 )))))))))))))))))))))))))))))))
.

2010-04-10 21:45 . 2010-04-10 21:45 -------- d-----w- C:\_OTL
2010-04-10 18:27 . 2010-04-10 18:27 -------- d-----w- c:\program files\ESET
2010-04-04 09:20 . 2005-01-26 17:19 97 ----a-w- c:\windows\system32\drivers\a.bat
2010-04-04 09:20 . 2004-10-07 04:59 102912 ----a-r- c:\windows\system32\Ntport.dll
2010-04-04 09:20 . 2003-10-22 18:04 46080 ----a-r- c:\windows\system32\itevio.dll
2010-04-04 09:20 . 2001-01-22 12:23 6080 ----a-w- c:\windows\system32\drivers\zntport.sys
2010-04-04 09:20 . 2000-07-16 06:00 118784 ----a-r- c:\windows\system32\Msstdfmt.dll
2010-04-04 09:20 . 2010-04-04 09:20 -------- d-----w- c:\windows\SysWow64
2010-04-04 08:53 . 2010-02-04 08:01 74072 ----a-w- c:\windows\system32\XAPOFX1_4.dll
2010-04-04 08:53 . 2010-02-04 08:01 528216 ----a-w- c:\windows\system32\XAudio2_6.dll
2010-04-04 08:53 . 2010-02-04 08:01 238936 ----a-w- c:\windows\system32\xactengine3_6.dll
2010-04-04 08:53 . 2010-02-04 08:01 22360 ----a-w- c:\windows\system32\X3DAudio1_7.dll
2010-04-04 08:38 . 2010-04-04 08:59 -------- d-----w- c:\program files\METRO 2033
2010-04-04 07:30 . 2010-04-04 07:30 -------- d-----w- c:\windows\system32\wbem\Repository
2010-04-03 15:45 . 2010-04-03 15:45 -------- d-----w- c:\program files\Sophos
2010-04-03 07:17 . 2010-04-04 07:28 -------- d-----w- c:\program files\Steam
2010-04-02 20:12 . 2005-05-03 16:43 69632 ----a-w- c:\windows\Alcmtr.exe
2010-04-02 20:07 . 2010-04-02 20:15 -------- d-----w- c:\windows\NV3676340.TMP
2010-04-02 19:43 . 2008-04-14 06:52 152064 -c--a-w- c:\windows\system32\dllcache\irftp.exe
2010-04-02 19:43 . 2008-04-14 06:52 152064 ----a-w- c:\windows\system32\irftp.exe
2010-04-02 19:43 . 2008-04-14 06:52 8192 -c--a-w- c:\windows\system32\dllcache\wshirda.dll
2010-04-02 19:43 . 2008-04-14 06:52 8192 ----a-w- c:\windows\system32\wshirda.dll
2010-04-02 19:43 . 2008-04-14 06:51 27648 -c--a-w- c:\windows\system32\dllcache\irmon.dll
2010-04-02 19:43 . 2008-04-14 06:51 27648 ----a-w- c:\windows\system32\irmon.dll
2010-04-02 19:43 . 2008-04-13 22:24 88192 -c--a-w- c:\windows\system32\dllcache\irda.sys
2010-04-02 19:43 . 2008-04-13 22:24 88192 ----a-w- c:\windows\system32\drivers\irda.sys
2010-04-02 19:43 . 2001-08-17 19:51 19584 -c--a-w- c:\windows\system32\dllcache\rasirda.sys
2010-04-02 19:43 . 2001-08-17 19:51 19584 ----a-w- c:\windows\system32\drivers\rasirda.sys
2010-04-02 19:42 . 2001-08-17 19:51 18688 -c--a-w- c:\windows\system32\dllcache\irsir.sys
2010-04-02 19:42 . 2001-08-17 19:51 18688 ----a-w- c:\windows\system32\drivers\irsir.sys
2010-03-31 06:23 . 2010-03-31 06:23 95872 ----a-w- c:\windows\system32\drivers\epfwtdir.sys
2010-03-31 06:22 . 2010-03-31 06:22 114984 ----a-w- c:\windows\system32\drivers\ehdrv.sys
2010-03-31 06:17 . 2010-03-31 06:17 140216 ----a-w- c:\windows\system32\drivers\eamon.sys
2010-03-28 08:21 . 2010-03-28 08:21 -------- d-----w- C:\RAR
2010-03-16 01:37 . 2008-08-02 04:20 86016 ----a-w- c:\windows\system32\nvmctray.dll
2010-03-16 01:37 . 2008-08-02 04:20 229376 ----a-w- c:\windows\system32\nvmccs.dll
2010-03-16 01:37 . 2008-08-02 04:20 163908 ----a-w- c:\windows\system32\nvsvc32.exe
2010-03-16 01:37 . 2008-08-02 04:20 143360 ----a-w- c:\windows\system32\nvcolor.exe
2010-03-16 01:37 . 2008-08-02 04:20 13570048 ----a-w- c:\windows\system32\nvcpl.dll
2010-03-16 01:37 . 2008-08-02 04:20 81920 ----a-w- c:\windows\system32\nvwddi.dll
2010-03-15 18:56 . 2010-03-17 20:59 -------- d-----w- c:\program files\BRS
2010-03-15 18:51 . 2010-03-15 18:51 -------- d-----w- c:\program files\Codemasters
2010-03-12 13:32 . 2009-09-04 16:44 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2010-03-12 13:32 . 2009-09-04 16:44 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2010-03-12 13:32 . 2009-09-04 16:29 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2010-03-12 13:32 . 2009-09-04 16:29 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2010-03-12 13:32 . 2009-09-04 16:29 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2010-03-11 19:39 . 2010-02-12 10:03 293376 ------w- c:\windows\system32\browserchoice.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M výpis ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-04-10 18:51 . 2009-12-19 18:28 17488 ----a-w- c:\windows\gdrv.sys
2010-04-04 09:20 . 2009-12-19 18:30 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-04-04 08:55 . 2009-12-20 13:39 -------- d-----w- c:\program files\NVIDIA Corporation
2010-04-04 08:55 . 2009-12-20 14:00 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-04-04 07:18 . 2001-10-25 13:00 77872 ----a-w- c:\windows\system32\perfc005.dat
2010-04-04 07:18 . 2001-10-25 13:00 428750 ----a-w- c:\windows\system32\perfh005.dat
2010-04-02 20:12 . 2009-12-19 18:34 -------- d-----w- c:\program files\Realtek
2010-04-02 20:04 . 2010-01-24 11:30 1324 ----a-w- c:\windows\system32\d3d9caps.dat
2010-04-02 07:20 . 2009-12-19 18:55 24944 ----a-w- c:\windows\system32\drivers\GVTDrv.sys
2010-03-29 16:48 . 2009-12-19 20:07 138184 ----a-w- c:\windows\system32\drivers\PnkBstrK.sys
2010-03-29 16:47 . 2009-12-19 20:07 183112 ----a-w- c:\windows\system32\PnkBstrB.exe
2010-03-20 19:00 . 2009-12-22 20:24 17488 ----a-w- c:\windows\etdrv.sys
2010-03-16 06:51 . 2009-12-20 13:59 2183470 ----a-w- c:\windows\system32\nvdata.bin
2010-03-12 14:25 . 2009-12-20 09:46 -------- d-----w- c:\program files\Electronic Arts
2010-02-26 05:43 . 2004-08-17 12:49 668160 ------w- c:\windows\system32\wininet.dll
2010-02-26 05:43 . 2004-08-17 12:49 81920 ----a-w- c:\windows\system32\ieencode.dll
2010-02-23 20:26 . 2009-12-19 20:07 75064 ----a-w- c:\windows\system32\PnkBstrA.exe
2010-02-21 09:06 . 2010-02-21 09:06 -------- d-----w- c:\program files\Paint.NET
2010-02-16 14:34 . 2010-02-16 14:34 -------- d-----w- c:\program files\Common Files\Adobe
2010-02-16 14:31 . 2010-02-16 14:31 -------- d-----w- c:\program files\LG Soft India
2010-02-16 14:31 . 2009-12-19 18:29 -------- d-----w- c:\program files\Common Files\InstallShield
2010-02-13 10:56 . 2010-02-12 19:10 -------- d-----w- c:\program files\Counter-Strike 1.6
2010-02-13 05:59 . 2010-02-13 05:47 -------- d-----w- c:\program files\FlatOut2
2010-02-12 20:09 . 2010-02-12 17:46 533 ----a-w- c:\windows\eReg.dat
2010-02-12 20:03 . 2010-01-24 15:00 -------- d-----w- c:\program files\EA Games
2010-02-12 19:13 . 2010-01-08 12:23 -------- d-----w- c:\program files\Valve
2010-02-12 18:23 . 2010-02-12 18:23 -------- d-----w- c:\program files\GameSpy Arcade
2010-02-11 22:19 . 2010-02-11 21:36 -------- d-----w- c:\program files\Dassault Systemes
2010-02-11 16:05 . 2010-02-11 16:05 -------- d-----w- c:\program files\GIMP-2.0
2010-02-11 13:19 . 2010-02-11 13:19 -------- d-----w- c:\program files\Foxit Software
2010-02-11 13:16 . 2010-02-11 13:16 -------- d-----w- c:\program files\GameTop.com
2010-02-10 11:43 . 2004-08-17 12:49 219648 ----a-w- c:\windows\system32\uxtheme.dll
2010-02-10 11:37 . 2010-02-10 11:05 -------- d-----w- c:\program files\TrueTransparency
2010-01-25 17:51 . 2010-01-25 17:51 25512 ----a-w- c:\windows\system32\drivers\ggsemc.sys
2010-01-25 17:51 . 2010-01-25 17:51 13224 ----a-w- c:\windows\system32\drivers\ggflt.sys
2010-01-25 17:51 . 2010-01-25 17:51 1112288 ----a-w- c:\windows\system32\WdfCoInstaller01007.dll
2010-01-24 01:54 . 2010-01-24 01:54 107888 ----a-w- c:\windows\system32\CmdLineExt.dll
.

(((((((((((((((((((((((((((((((((( Spouštěcí body v registru )))))))))))))))))))))))))))))))))))))))))))))
.
.
*Poznámka* prázdné záznamy a legitimní výchozí údaje nejsou zobrazeny.
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RGSC"="c:\program files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe" [2010-01-24 306088]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-01-05 413696]
"nwiz"="nwiz.exe" [2008-08-02 1657376]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-08-02 13570048]
"EasyTuneVI"="c:\program files\GIGABYTE\ET6\ETcall.exe" [2007-07-26 20480]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2010-01-04 149280]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 1983816]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe" [2004-04-17 196608]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-04-13 69632]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-08-02 86016]
"RTHDCPL"="RTHDCPL.EXE" [2006-10-30 16269312]
"egui"="c:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2010-03-31 2145000]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2008-04-14 15360]

c:\documents and settings\Administrator\Nabˇdka Start\Programy\Po spuçtŘnˇ\
GIGABYTE Gamer HUD.lnk - c:\program files\GIGABYTE\Gamer HUD\HUD.exe [2008-6-26 1940992]
MemSet.exe.lnk - c:\windows\MemSave\MemSet.exe [2010-2-26 949248]

c:\documents and settings\All Users\Nabˇdka Start\Programy\Po spuçtŘnˇ\
forteManager.lnk - c:\program files\LG Soft India\forteManager\bin\Monitor.exe [2010-2-16 1687552]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\PnkBstrA.exe"=
"c:\\WINDOWS\\system32\\PnkBstrB.exe"=
"c:\\Program Files\\GIGABYTE\\ET6\\UpdExe.exe"=
"c:\\Program Files\\GIGABYTE\\EnergySaver\\run.exe"=
"c:\\Program Files\\Activision\\Call of Duty 4 - Modern Warfare\\iw3mp.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutLauncher.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutConfigTool.exe"=
"c:\\Program Files\\Electronic Arts\\Burnout(TM) Paradise The Ultimate Box\\BurnoutParadise.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\GIGABYTE\\ET6\\GBTUpd.exe"=
"c:\\Program Files\\Valve\\hl.exe"=
"c:\\Program Files\\Rockstar Games\\Rockstar Games Social Club\\RGSCLauncher.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\LaunchGTAIV.exe"=
"c:\\Program Files\\Rockstar Games\\Grand Theft Auto IV\\GTAIV.exe"=
"c:\\Program Files\\Sony Ericsson\\Update Service\\Update Service.exe"=
"c:\\Program Files\\GIGABYTE\\@BIOS\\gwflash.exe"=
"c:\\Program Files\\Counter-Strike 1.6\\hl.exe"=
"c:\\Program Files\\EA Games\\Battlefield 1942\\BF1942.exe"=
"c:\\Program Files\\VideoLAN\\VLC\\vlc.exe"=
"c:\\Program Files\\Electronic Arts\\Battlefield Bad Company 2\\BFBC2Updater.exe"=

R1 ehdrv;ehdrv;c:\windows\system32\drivers\ehdrv.sys [31.3.2010 8:22 114984]
R1 epfwtdir;epfwtdir;c:\windows\system32\drivers\epfwtdir.sys [31.3.2010 8:23 95872]
R2 ekrn;ESET Service;c:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [31.3.2010 8:23 810120]
S2 GEST Service;GEST Service for program management.;c:\program files\GIGABYTE\EnergySaver\GSvr.exe [19.12.2009 20:30 80392]
S2 gupdate1ca9471cce7c6bc;Služba Google Update (gupdate1ca9471cce7c6bc);c:\program files\Google\Update\GoogleUpdate.exe [13.1.2010 18:59 133104]
S3 AODDriver;AODDriver;c:\program files\GIGABYTE\ET6\i386\AODDriver.sys [23.2.2009 1:16 7168]
S3 cpuz130;cpuz130;\??\c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys --> c:\docume~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys [?]
S3 etdrv;etdrv;c:\windows\etdrv.sys [22.12.2009 22:24 17488]
S3 EverestDriver;Lavalys EVEREST Kernel Driver;c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt [26.12.2009 12:17 26736]
S3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\drivers\ggflt.sys [25.1.2010 19:51 13224]
S3 GVTDrv;GVTDrv;c:\windows\system32\drivers\GVTDrv.sys [19.12.2009 20:55 24944]
S3 LGDDCDevice;LGDDCDevice;c:\program files\LG Soft India\forteManager\bin\I2CDriver.sys [16.2.2010 16:31 14336]
S3 LGII2CDevice;LGII2CDevice;c:\program files\LG Soft India\forteManager\bin\PII2CDriver.sys [16.2.2010 16:31 18432]
.
Obsah adresáře 'Naplánované úlohy'

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 16:59]

2010-04-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-13 16:59]
.
.
------- Doplňkový sken -------
.
uInternet Connection Wizard,ShellNext = hxxp://hawxgame.com/demo
FF - ProfilePath - c:\documents and settings\Administrator\Data aplikací\Mozilla\Firefox\Profiles\devn4wnd.default\
FF - prefs.js: browser.startup.homepage - hxxp://seznam.cz/
FF - plugin: c:\program files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - plugin: c:\program files\Google\Update\1.2.183.23\npGoogleOneClick8.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll
FF - plugin: c:\program files\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- NASTAVENÍ FIREFOXU ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_popup_windows", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.enable_click_image_resizing", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("accessibility.browsewithcaret_shortcut.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.high_water_mark", 32);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("javascript.options.mem.gc_frequency", 1600);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.trackpoint_hack.enabled", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.debug", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.agedWeight", 2);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.bucketSize", 1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.maxTimeGroupings", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.timeGroupingSize", 604800);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.boundaryWeight", 25);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.formfill.prefixWeight", 5);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("html5.enable", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.download.backgroundInterval", 600);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("app.update.url.manual", "http://www.firefox.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-ja", "mozff");
c:\program files\Mozilla Firefox\defaults\pref\firefox-l10n.js - pref("browser.fixup.alternate.suffix", ".cz");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add", "addons.mozilla.org");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("xpinstall.whitelist.add.36", "getpersonas.com");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("lightweightThemes.update.enabled", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.allTabs.previews", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.hide_infobar_for_outdated_plugin", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("toolbar.customization.usesheet", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.enable", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.max", 20);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.taskbar.previews.cachetime", 20);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-04-10 20:58
Windows 5.1.2600 Service Pack 3 NTFS

skenování skrytých procesů ...

skenování skrytých položek 'Po spuštění' ...

skenování skrytých souborů ...

sken byl úspešně dokončen
skryté soubory: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\c:\program files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt"
.
--------------------- ZAMKNUTÉ KLÍČE V REGISTRU ---------------------

[HKEY_USERS\S-1-5-21-790525478-842925246-725345543-500\Software\SecuROM\License information*]
"datasecu"=hex:0f,91,3b,21,bc,19,be,c9,dd,31,9c,4c,6d,8d,7d,8b,8b,c5,bc,97,9a,
c8,f3,23,47,b3,f7,ce,f4,56,3f,96,a9,a7,7a,ad,df,35,21,1c,59,f4,94,46,59,e8,\
"rkeysecu"=hex:b1,b2,47,6c,3f,2f,97,6a,be,87,4d,49,5c,40,ab,d7
.
--------------------- Knihovny navázané na běžící procesy ---------------------

- - - - - - - > 'winlogon.exe'(796)
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\sfc_os.dll
c:\windows\system32\cscui.dll

- - - - - - - > 'lsass.exe'(852)
c:\windows\system32\setupapi.dll
c:\windows\system32\psbase.dll

- - - - - - - > 'explorer.exe'(3392)
c:\windows\system32\COMRes.dll
c:\windows\System32\cscui.dll
c:\windows\system32\wpdshext.dll
c:\windows\system32\PortableDeviceApi.dll
c:\windows\system32\SETUPAPI.dll
c:\windows\system32\Audiodev.dll
c:\windows\system32\WMVCore.DLL
c:\windows\system32\WMASF.DLL
c:\windows\system32\msi.dll
c:\windows\system32\NETSHELL.dll
c:\windows\system32\credui.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
.
------------------------ Jiné spuštené procesy ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Canon\IJPLM\IJPLMSVC.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\PnkBstrA.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\RTHDCPL.EXE
c:\windows\system32\wbem\wmiapsrv.exe
c:\windows\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe
c:\program files\Java\jre6\bin\jucheck.exe
c:\program files\Mozilla Firefox\firefox.exe
.
**************************************************************************
.
Celkový čas: 2010-04-10 20:58:41 - počítač byl restartován
ComboFix-quarantined-files.txt 2010-04-10 18:58
ComboFix2.txt 2010-04-10 17:27

Před spuštěním: Volných bajtů: 196 419 440 640
Po spuštění: Volných bajtů: 196 446 642 176

- - End Of File - - 3F2AF5A4AD998AE138DDC3271B43E663



############################## | UsbFix V6.102 |

User : Administrator (Administrators) # MARTIN
Update on 10/04/2010 by El Desaparecido , C_XX & Chimay8
Start at: 21:05:48 | 10.4.2010
Website : http://pagesperso-orange.fr/NosTools/index.html
Contact : FindyKill.Contact@gmail.com

Intel(R) Core(TM)2 CPU 4400 @ 2.00GHz
Systém Microsoft Windows XP Professional (5.1.2600 64-bit) # Service Pack 3
Internet Explorer 6.0.2900.5512
Windows Firewall Status : Enabled
AV : ESET NOD32 Antivirus 4.2 4.2 [ Enabled | Updated ]

C:\ -> Místní pevný disk # 465,75 Go (182,94 Go free) # NTFS
D:\ -> Disk CD-ROM # 276,8 Mo (0 Mo free) [ReatogoPE] # CDFS
E:\ -> Vyměnitelný disk # 1,9 Go (1,9 Go free) # FAT32

################## | Files # Infected Folders |

(!) Not deleted ! D:\autorun.inf

################## | Registry |

Deleted ! [HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"
Deleted ! [HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] "NoDrives"

################## | Mountpoints2 |


################## | Listing of the present files |

[12.03.2010 16:05|--a------|393733] C:\AnalysisLog.sr0
[19.12.2009 20:19|--a------|0] C:\AUTOEXEC.BAT
[10.04.2010 19:04|-rahs----|281] C:\boot.ini
[25.10.2001 15:00|-rahs----|4952] C:\Bootfont.bin
[10.04.2010 20:58|--a------|21905] C:\ComboFix.txt
[19.12.2009 20:19|--a------|0] C:\CONFIG.SYS
[19.12.2009 20:36|--a------|86] C:\csb.log
[19.12.2009 20:19|-rahs----|0] C:\IO.SYS
[19.12.2009 20:19|-rahs----|0] C:\MSDOS.SYS
[03.08.2004 21:38|-rahs----|47564] C:\NTDETECT.COM
[19.12.2009 20:56|-rahs----|250576] C:\ntldr
[10.04.2010 23:44|--a------|171572] C:\OTL.Txt
[?|?|?] C:\pagefile.sys
[20.02.2010 22:43|--a------|1786837] C:\Plintfingburg Transport, 28. lis 1960.sav
[19.12.2009 20:34|--a------|429] C:\RHDSetup.log
[10.04.2010 21:05|--a------|73] C:\service.log
[12.02.2010 16:13|--a------|2150] C:\SessionInfoFile_Administrator_d043_h15m13_0.txt
[10.04.2010 21:11|--a------|2012] C:\UsbFix.txt
[24.03.2006 13:06|-r-------|53] D:\AUTORUN.INF
[15.03.2010 18:15|-r-------|0] D:\WIN51IP
[15.03.2010 18:15|-r-------|0] D:\WIN51IP.SP2
[16.07.2005 23:36|-r-------|240128] D:\reatogoMenu.exe
[15.03.2010 18:19|-r-------|1177] D:\reatogoMenu.ini
[27.02.2008 15:15|--a------|220] E:\AUTOEXEC.BAT
[09.04.2010 16:29|--a------|71] E:\setfsb.txt

################## | Vaccination |

# C:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).
# E:\autorun.inf -> Autorun.inf created by UsbFix (El Desaparecido).

################## | Upload |

Please send the file : C:\UsbFix_Upload_Me_MARTIN.zip : http://chiquitine.changelog.fr/Sample/Upload.php
Thank you for your contribution .

################## | ! End of report # UsbFix V6.102 ! |

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 20:23
od Spo.On
Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2010-04-10 21:21:44
Systém Microsoft Windows XP Professional Service Pack 3
System drive C: has 187 GB (39%) free of 477 GB
Total RAM: 2046 MB (77% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:21:55, on 10.4.2010
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
C:\Program Files\Java\jre6\bin\jqs.exe
C:\WINDOWS\system32\PnkBstrA.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wbem\wmiapsrv.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Administrator\Plocha\RSIT(2).exe
C:\Program Files\trend micro\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://fr.msn.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://hawxgame.com/demo
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Odkazy
R3 - URLSearchHook: DeviceVM Url Search Hook - {0063BF63-BFFF-4B8F-9D26-4267DF7F17DD} - C:\WINDOWS\system32\dvmurl.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (file missing)
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [EasyTuneVI] C:\Program Files\GIGABYTE\ET6\ETcall.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
O4 - HKLM\..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe /logon
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [SkyTel] SkyTel.EXE
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [egui] "C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe" /hide /waitservice
O4 - HKCU\..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: GIGABYTE Gamer HUD.lnk = C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
O4 - Startup: MemSet.exe.lnk = C:\WINDOWS\MemSave\MemSet.exe
O4 - Global Startup: forteManager.lnk = ?
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O23 - Service: ESET HTTP Server (EhttpSrv) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe
O23 - Service: ESET Service (ekrn) - ESET - C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
O23 - Service: GEST Service for program management. (GEST Service) - Unknown owner - C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe
O23 - Service: Služba Google Update (gupdate1ca9471cce7c6bc) (gupdate1ca9471cce7c6bc) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: Canon Inkjet Printer/Scanner/Fax Extended Survey Program (IJPLMSVC) - Unknown owner - C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PnkBstrA - Unknown owner - C:\WINDOWS\system32\PnkBstrA.exe

--
End of file - 5349 bytes

======Scheduled tasks folder======

C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]
AVG Safe Search - C:\Program Files\AVG\AVG9\avgssie.dll []

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}]
Java(tm) Plug-In 2 SSV Helper - C:\Program Files\Java\jre6\bin\jp2ssv.dll [2010-01-04 41760]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E7E6F031-17CE-4C07-BC86-EABFE594F69C}]
JQSIEStartDetectorImpl Class - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll [2010-01-04 73728]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"=C:\Program Files\QuickTime\QTTask.exe [2009-01-05 413696]
"nwiz"=nwiz.exe /install []
"NvCplDaemon"=C:\WINDOWS\system32\NvCpl.dll [2008-08-02 13570048]
"EasyTuneVI"=C:\Program Files\GIGABYTE\ET6\ETcall.exe [2007-07-26 20480]
"SunJavaUpdateSched"=C:\Program Files\Java\jre6\bin\jusched.exe [2010-01-04 149280]
"CanonMyPrinter"=C:\Program Files\Canon\MyPrinter\BJMyPrt.exe [2009-07-27 1983816]
"CanonSolutionMenu"=C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe [2009-03-18 767312]
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe [2004-04-17 196608]
"ISUSScheduler"=C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe [2004-04-13 69632]
"SkyTel"=C:\WINDOWS\SkyTel.EXE [2006-05-16 2879488]
"NvMediaCenter"=C:\WINDOWS\system32\NvMcTray.dll [2008-08-02 86016]
"RTHDCPL"=C:\WINDOWS\RTHDCPL.EXE [2006-10-30 16269312]
"egui"=C:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe [2010-03-31 2145000]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"RGSC"=C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe [2010-01-24 306088]

C:\Documents and Settings\All Users\Nabídka Start\Programy\Po spuštění
forteManager.lnk - C:\Program Files\LG Soft India\forteManager\bin\Monitor.exe

C:\Documents and Settings\Administrator\Nabídka Start\Programy\Po spuštění
GIGABYTE Gamer HUD.lnk - C:\Program Files\GIGABYTE\Gamer HUD\HUD.exe
MemSet.exe.lnk - C:\WINDOWS\MemSave\MemSet.exe

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\Wdf01000.sys]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=255
"NoDriveAutoRun"=255
"HonorAutoRunSetting"=0

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\WINDOWS\system32\PnkBstrA.exe"="C:\WINDOWS\system32\PnkBstrA.exe:*:Enabled:PnkBstrA"
"C:\WINDOWS\system32\PnkBstrB.exe"="C:\WINDOWS\system32\PnkBstrB.exe:*:Enabled:PnkBstrB"
"C:\Program Files\GIGABYTE\ET6\UpdExe.exe"="C:\Program Files\GIGABYTE\ET6\UpdExe.exe:*:Enabled:Exe File"
"C:\Program Files\GIGABYTE\EnergySaver\run.exe"="C:\Program Files\GIGABYTE\EnergySaver\run.exe:*:Enabled:update"
"C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe"="C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\iw3mp.exe:*:Enabled:Call of Duty(R) 4 - Modern Warfare(TM) "
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutLauncher.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutConfigTool.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe"="C:\Program Files\Electronic Arts\Burnout(TM) Paradise The Ultimate Box\BurnoutParadise.exe:*:Enabled:Burnout(TM) Paradise The Ultimate Box"
"C:\Program Files\Opera\opera.exe"="C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser"
"C:\Program Files\GIGABYTE\ET6\GBTUpd.exe"="C:\Program Files\GIGABYTE\ET6\GBTUpd.exe:*:Enabled:GBTUpd.exe"
"C:\Program Files\Valve\hl.exe"="C:\Program Files\Valve\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe"="C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe:*:Enabled:Rockstar Games Social Club"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\LaunchGTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe"="C:\Program Files\Rockstar Games\Grand Theft Auto IV\GTAIV.exe:*:Enabled:Grand Theft Auto IV"
"C:\Program Files\Sony Ericsson\Update Service\Update Service.exe"="C:\Program Files\Sony Ericsson\Update Service\Update Service.exe:*:Enabled:Update Service"
"C:\Program Files\GIGABYTE\@BIOS\gwflash.exe"="C:\Program Files\GIGABYTE\@BIOS\gwflash.exe:*:Enabled:@BIOS Application"
"C:\Program Files\Counter-Strike 1.6\hl.exe"="C:\Program Files\Counter-Strike 1.6\hl.exe:*:Enabled:Half-Life Launcher"
"C:\Program Files\EA Games\Battlefield 1942\BF1942.exe"="C:\Program Files\EA Games\Battlefield 1942\BF1942.exe:*:Enabled:BF1942"
"C:\Program Files\VideoLAN\VLC\vlc.exe"="C:\Program Files\VideoLAN\VLC\vlc.exe:*:Enabled:VLC media player"
"C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe"="C:\Program Files\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe:*:Enabled:Battlefield: Bad Company™ 2"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2010-04-10 23:45:07 ----D---- C:\_OTL
2010-04-10 21:21:45 ----D---- C:\Program Files\trend micro
2010-04-10 21:21:44 ----D---- C:\rsit
2010-04-10 21:11:09 ----RASHD---- C:\autorun.inf
2010-04-10 21:11:07 ----SHD---- C:\RECYCLER
2010-04-10 21:05:41 ----A---- C:\UsbFix.txt
2010-04-10 21:03:05 ----D---- C:\UsbFix
2010-04-10 20:58:42 ----A---- C:\ComboFix.txt
2010-04-10 20:47:32 ----D---- C:\ComboFix
2010-04-10 20:27:12 ----D---- C:\Program Files\ESET
2010-04-10 20:27:12 ----D---- C:\Documents and Settings\All Users\Data aplikací\ESET
2010-04-10 19:20:38 ----D---- C:\Qoobox
2010-04-10 19:04:23 ----RASHD---- C:\cmdcons
2010-04-10 19:03:13 ----A---- C:\WINDOWS\zip.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\SWXCACLS.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\SWSC.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\SWREG.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\sed.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\PEV.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\NIRCMD.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\MBR.exe
2010-04-10 19:03:13 ----A---- C:\WINDOWS\grep.exe
2010-04-10 18:59:52 ----D---- C:\WINDOWS\ERDNT
2010-04-10 16:47:55 ----A---- C:\OTL.Txt
2010-04-04 11:20:34 ----RA---- C:\WINDOWS\system32\Ntport.dll
2010-04-04 11:20:34 ----RA---- C:\WINDOWS\system32\Msstdfmt.dll
2010-04-04 11:20:34 ----RA---- C:\WINDOWS\system32\itevio.dll
2010-04-04 11:20:33 ----D---- C:\WINDOWS\SysWow64
2010-04-04 10:53:49 ----A---- C:\WINDOWS\system32\XAudio2_6.dll
2010-04-04 10:53:49 ----A---- C:\WINDOWS\system32\XAPOFX1_4.dll
2010-04-04 10:53:48 ----A---- C:\WINDOWS\system32\xactengine3_6.dll
2010-04-04 10:53:48 ----A---- C:\WINDOWS\system32\X3DAudio1_7.dll
2010-04-04 10:38:33 ----D---- C:\Program Files\METRO 2033
2010-04-04 09:23:56 ----D---- C:\Config.Msi
2010-04-04 09:13:59 ----A---- C:\WINDOWS\ntbtlog.txt
2010-04-03 17:45:05 ----D---- C:\Program Files\Sophos
2010-04-03 10:00:05 ----D---- C:\Documents and Settings\Administrator\Data aplikací\DAEMON Tools Lite
2010-04-03 10:00:03 ----D---- C:\Documents and Settings\All Users\Data aplikací\DAEMON Tools Lite
2010-04-03 09:17:13 ----D---- C:\Program Files\Steam
2010-04-02 22:12:25 ----A---- C:\WINDOWS\Alcmtr.exe
2010-04-02 22:07:33 ----D---- C:\WINDOWS\NV3676340.TMP
2010-04-02 21:43:20 ----A---- C:\WINDOWS\system32\wshirda.dll
2010-04-02 21:43:20 ----A---- C:\WINDOWS\system32\irmon.dll
2010-04-02 21:43:20 ----A---- C:\WINDOWS\system32\irftp.exe
2010-03-31 19:25:29 ----HDC---- C:\WINDOWS\$NtUninstallKB980182$
2010-03-28 10:21:39 ----D---- C:\RAR
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvsvc32.exe
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvmctray.dll
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvmccs.dll
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvcpl.dll
2010-03-16 03:37:50 ----A---- C:\WINDOWS\system32\nvcolor.exe
2010-03-16 03:37:44 ----A---- C:\WINDOWS\system32\nvwddi.dll
2010-03-15 20:59:05 ----D---- C:\Documents and Settings\All Users\Data aplikací\Codemasters
2010-03-15 20:56:41 ----D---- C:\Documents and Settings\Administrator\Data aplikací\vlc
2010-03-15 20:56:00 ----D---- C:\Program Files\BRS
2010-03-15 20:55:50 ----RA---- C:\WINDOWS\system32\tmp22D.tmp
2010-03-15 20:55:50 ----RA---- C:\WINDOWS\system32\tmp22C.tmp
2010-03-15 20:51:19 ----D---- C:\Program Files\Codemasters
2010-03-14 19:54:06 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Mikrotik
2010-03-12 15:32:40 ----A---- C:\WINDOWS\system32\XAudio2_5.dll
2010-03-12 15:32:39 ----A---- C:\WINDOWS\system32\xactengine3_5.dll
2010-03-12 15:32:39 ----A---- C:\WINDOWS\system32\D3DCompiler_42.dll
2010-03-12 15:32:38 ----A---- C:\WINDOWS\system32\d3dx11_42.dll
2010-03-12 15:32:38 ----A---- C:\WINDOWS\system32\d3dcsx_42.dll
2010-03-11 21:39:35 ----N---- C:\WINDOWS\system32\browserchoice.exe
2010-03-11 00:57:52 ----HDC---- C:\WINDOWS\$NtUninstallKB975561$

======List of files/folders modified in the last 1 months======

2010-04-10 21:21:45 ----RD---- C:\Program Files
2010-04-10 21:21:45 ----D---- C:\WINDOWS\Temp
2010-04-10 21:05:38 ----A---- C:\WINDOWS\SchedLgU.Txt
2010-04-10 20:58:44 ----D---- C:\WINDOWS\system32\drivers
2010-04-10 20:57:33 ----D---- C:\WINDOWS\system32\CatRoot2
2010-04-10 20:52:00 ----D---- C:\WINDOWS
2010-04-10 20:51:47 ----A---- C:\WINDOWS\system.ini
2010-04-10 20:51:15 ----D---- C:\WINDOWS\system32
2010-04-10 20:49:19 ----D---- C:\WINDOWS\AppPatch
2010-04-10 20:49:10 ----D---- C:\Program Files\Common Files
2010-04-10 20:27:41 ----SHD---- C:\WINDOWS\Installer
2010-04-10 20:27:35 ----HD---- C:\WINDOWS\inf
2010-04-10 20:08:45 ----SD---- C:\Documents and Settings\Administrator\Data aplikací\Microsoft
2010-04-10 19:35:51 ----D---- C:\Program Files\Mozilla Firefox
2010-04-10 19:33:36 ----D---- C:\WINDOWS\Minidump
2010-04-10 19:04:29 ----RASH---- C:\boot.ini
2010-04-10 18:59:38 ----D---- C:\WINDOWS\Prefetch
2010-04-04 11:20:33 ----HD---- C:\Program Files\InstallShield Installation Information
2010-04-04 10:55:49 ----D---- C:\Program Files\NVIDIA Corporation
2010-04-04 10:55:48 ----D---- C:\Program Files\Common Files\Wise Installation Wizard
2010-04-04 10:53:51 ----D---- C:\WINDOWS\system32\DirectX
2010-04-04 10:53:20 ----RSD---- C:\WINDOWS\assembly
2010-04-04 10:53:09 ----D---- C:\WINDOWS\system32\CatRoot
2010-04-04 09:31:05 ----D---- C:\WINDOWS\system32\config
2010-04-04 09:30:30 ----D---- C:\WINDOWS\system32\wbem
2010-04-04 09:30:23 ----D---- C:\WINDOWS\Registration
2010-04-04 09:27:28 ----D---- C:\Documents and Settings\Administrator\Data aplikací\Real
2010-04-04 09:25:13 ----RSHDC---- C:\WINDOWS\system32\dllcache
2010-04-04 09:24:52 ----D---- C:\WINDOWS\Help
2010-04-03 09:16:56 ----D---- C:\WINDOWS\WinSxS
2010-04-02 22:12:54 ----D---- C:\WINDOWS\system32\RTCOM
2010-04-02 22:12:25 ----D---- C:\Program Files\Realtek
2010-04-02 22:07:34 ----D---- C:\WINDOWS\nview
2010-04-02 21:43:20 ----D---- C:\WINDOWS\Media
2010-03-31 15:42:16 ----HD---- C:\WINDOWS\$hf_mig$
2010-03-29 18:47:45 ----A---- C:\WINDOWS\system32\PnkBstrB.exe
2010-03-15 17:34:18 ----A---- C:\WINDOWS\system32\PerfStringBackup.INI
2010-03-14 22:34:29 ----D---- C:\Documents and Settings\Administrator\Data aplikací\dvdcss
2010-03-13 11:37:04 ----D---- C:\Fraps
2010-03-12 16:25:54 ----D---- C:\Program Files\Electronic Arts
2010-03-12 16:25:04 ----D---- C:\WINDOWS\Logs
2010-03-11 00:57:58 ----A---- C:\WINDOWS\imsins.BAK
2010-03-11 00:57:54 ----D---- C:\Program Files\Movie Maker

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 ehdrv;ehdrv; C:\WINDOWS\system32\DRIVERS\ehdrv.sys [2010-03-31 114984]
R1 epfwtdir;epfwtdir; C:\WINDOWS\system32\DRIVERS\epfwtdir.sys [2010-03-31 95872]
R1 intelppm;Řadič procesoru Intel; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-14 40192]
R2 eamon;eamon; C:\WINDOWS\system32\DRIVERS\eamon.sys [2010-03-31 140216]
R2 irda;Protokol IrDA; C:\WINDOWS\system32\DRIVERS\irda.sys [2008-04-14 88192]
R3 Arp1394;Protokol 1394 ARP Client; C:\WINDOWS\system32\DRIVERS\arp1394.sys [2008-04-14 60800]
R3 gdrv;gdrv; \??\C:\WINDOWS\gdrv.sys []
R3 HDAudBus;Ovladač Microsoft UAA pro sběrnici High Definition Audio; C:\WINDOWS\system32\DRIVERS\HDAudBus.sys [2008-04-13 144384]
R3 HidUsb;Ovladač třídy standardu HID; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-14 10368]
R3 IntcAzAudAddService;Service for Realtek HD Audio (WDM); C:\WINDOWS\system32\drivers\RtkHDAud.sys [2006-11-03 4394496]
R3 irsir;Microsoft Serial Infrared Driver; C:\WINDOWS\system32\DRIVERS\irsir.sys [2001-08-17 18688]
R3 mouhid;Ovladač myši standardu HID; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-10-24 12160]
R3 NIC1394;1394 Net Driver; C:\WINDOWS\system32\DRIVERS\nic1394.sys [2008-04-14 61824]
R3 nv;nv; C:\WINDOWS\system32\DRIVERS\nv4_mini.sys [2008-08-02 6121856]
R3 Rasirda;WAN Miniport (IrDA); C:\WINDOWS\system32\DRIVERS\rasirda.sys [2001-08-17 19584]
R3 RTLE8023xp;Realtek 10/100/1000 PCI-E NIC Family NDIS XP Driver; C:\WINDOWS\system32\DRIVERS\Rtenicxp.sys [2008-06-16 109184]
R3 usbehci;Ovladač miniportu rozšířeného radiče hostitele Microsoft USB 2.0; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-14 30208]
R3 usbhub;Rozbočovač umožnující USB2; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-14 59520]
R3 USBSTOR;Ovladač velkokapacitního paměťového zařízení USB; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-14 26368]
R3 usbuhci;Ovladač Microsoft univerzálního hostitelského řadiče USB od společnosti Microsoft; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-14 20608]
S3 AODDriver;AODDriver; \??\C:\Program Files\GIGABYTE\ET6\i386\AODDriver.sys []
S3 catchme;catchme; \??\C:\ComboFix\catchme.sys []
S3 cpuz130;cpuz130; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cpuz130\cpuz_x32.sys []
S3 ENTECH;ENTECH; \??\C:\WINDOWS\system32\DRIVERS\ENTECH.sys []
S3 etdrv;etdrv; \??\C:\WINDOWS\etdrv.sys []
S3 EverestDriver;Lavalys EVEREST Kernel Driver; \??\C:\Program Files\Lavalys\EVEREST Ultimate Edition\kerneld.wnt []
S3 ggflt;SEMC USB Flash Driver Filter; C:\WINDOWS\system32\DRIVERS\ggflt.sys [2010-01-25 13224]
S3 ggsemc;SEMC USB Flash Driver; C:\WINDOWS\system32\DRIVERS\ggsemc.sys [2010-01-25 25512]
S3 GVTDrv;GVTDrv; \??\C:\WINDOWS\system32\Drivers\GVTDrv.sys []
S3 LGDDCDevice;LGDDCDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\I2CDriver.sys []
S3 LGII2CDevice;LGII2CDevice; \??\C:\Program Files\LG Soft India\forteManager\bin\PII2CDriver.sys []
S3 usbccgp;Obecný nadřazený ovladač Microsoft USB; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-14 32128]
S3 usbprint;Třída USB Printer; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-14 25856]
S3 usbscan;Ovladač skeneru USB; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-14 15104]
S3 Wdf01000;Kernel Mode Driver Frameworks service; C:\WINDOWS\System32\Drivers\wdf01000.sys [2008-03-27 503008]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]
S4 IntelIde;IntelIde; C:\WINDOWS\system32\drivers\IntelIde.sys []

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 ekrn;ESET Service; C:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe [2010-03-31 810120]
R2 IJPLMSVC;Canon Inkjet Printer/Scanner/Fax Extended Survey Program; C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE [2009-02-10 116104]
R2 Irmon;Sledování infračerveného přenosu; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
R2 JavaQuickStarterService;Java Quick Starter; C:\Program Files\Java\jre6\bin\jqs.exe [2010-01-04 153376]
R2 NVSvc;NVIDIA Display Driver Service; C:\WINDOWS\system32\nvsvc32.exe [2008-08-02 163908]
R2 PnkBstrA;PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [2010-02-23 75064]
S2 GEST Service;GEST Service for program management.; C:\Program Files\GIGABYTE\EnergySaver\GSvr.exe [2008-07-11 80392]
S2 gupdate1ca9471cce7c6bc;Služba Google Update (gupdate1ca9471cce7c6bc); C:\Program Files\Google\Update\GoogleUpdate.exe [2010-01-13 133104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [2008-07-25 34312]
S3 clr_optimization_v2.0.50727_32;.NET Runtime Optimization Service v2.0.50727_X86; C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe [2008-07-25 69632]
S3 EhttpSrv;ESET HTTP Server; C:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe [2010-03-31 33560]
S3 FontCache3.0.0.0;Windows Presentation Foundation Font Cache 3.0.0.0; C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe [2008-07-29 46104]
S3 IDriverT;InstallDriver Table Manager; C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe [2005-04-04 69632]
S3 idsvc;Windows CardSpace; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe [2008-07-29 881664]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-14 14336]
S4 NetTcpPortSharing;Net.Tcp Port Sharing Service; C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe [2008-07-29 132096]

-----------------EOF-----------------

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 10 dub 2010 21:45
od motji
:arrow:Stáhněte OTM http://oldtimer.geekstogo.com/OTM.exe
Stáhněte na plochu Otm, 2krát klikněte na Otm,spustí se program,
Do levého okna "Paste Instructions for Items to be Moved" pod žlutou čáru zkopírujete skript

Kód: Vybrat vše

:processes
explorer.exe
 
:files
C:\WINDOWS\system32\*.tmp.dll /s
C:\WINDOWS\system32\SET*.tmp /s
C:\WINDOWS\*.tmp /s
C:\WINDOWS\system32\tmp22D.tmp
C:\WINDOWS\system32\tmp22C.tmp
C:\UsbFix
C:\Program Files\AVG

:reg
[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"nwiz"=-
[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}]

:Services
catchme

:commands
[Reboot]
-klikněte na červené tlačítko Moveit!
-sem vložte obsah zeleného okénka
-Pokud se bude chtít restartovat pc, dejte YES,log pak najdete C:\_OTM\MovedFiles. Log vložte sem




***********
:arrow: Odinstalujte combofix přes Start - Spustit
- zkopírujte do okénka:

ComboFix /Uninstall

-stiskněte Enter
-To odinstaluje ComboFix a smaže s ním související soubory a složky.


***********


:arrow: Stáhněte T-Cleaner
http://sweb.cz/Marinus/T-Cleaner.exe

-Spusťte,pro potvrzení volby mačkejte klávesu A, Enter
-po použití prográmek vymažte.Pozor,antiviry ho mohou falešně označit za vir



***********


:arrow: Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázekzáložka čistič
- nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
- po analýze klikněte na Spustit Ccleaner

Obrázekzáložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy :arrow: ok :arrow: zavřít

Obrázek Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


***********



:arrow: Stahněte OTC a použijte
http://oldtimer.geekstogo.com/OTC.exe
-vyčistí tempy a po použitých programech

***********

:arrow: Nemáte firewall,k čemu je užitečný se dozvíte zde http://www.viry.cz/forum/viewtopic.php?f=41&t=20980

Pokud už s tímto počítačem nejsou problémy, máme hotovo :) .
Ten program nám dal ale zabrat :D , omlouvám se, že jsem na to nepřišla dřív :oops: , tohle by mě ale vůbec nenapadlo. :)

*******************************************
*******************************************

Druhý pc

:arrow: používáte Garenu?

:arrow: Zapojte do pc všechny usb klíče, flashky...co používáte

:arrow: Stáhněte na plochu UsbFix
-spusťte, zvolte jazyk E - potvrdťe enter
-klikněte na volbu 2 - enter
- po skenu sem vložte log , pokud na Vás nevyskočí, najdete ho C:\UsbFix.txt


:arrow: Z mého podpisu stahněte Ccleaner
- nainstalujte, při výběru, co se má nainstalovat, dejte pryč fajfku u instalace yahoo toolbaru

Obrázekzáložka čistič
-nechejte v levém sloupečku zatrhnuté vše jak je, klikněte na analyzovat
-po analýze klikněte na Spustit Ccleaner

Obrázekzáložka Registry
- klikněte na hledej problémy
- pak klikněte na opravit vybrané problémy -- udělat zálohu registrů - nemusíte
- kliknete opravit všechny problémy :arrow: ok :arrow: zavřít

Obrázek Záložka Nástroje
- zde můžete odinstalovat programy. Je to důkladnější odinstalace než u přidat/odebrat programy ve Windows.

Ccleaner - čistič doporučuji používat, krásně pročistí pc od dočasných souborů.
Registry pročistí třeba po odinstalaci nějakého programu.


:arrow: Stahněte MBAM z mého podpisu
-Nainstalujte,dejte úplný sken

NIC NEMAZAT :!:
-MBAM má občas falešné detekce,proto budeme mazat až po kontrole logu.
-Log zkopírujte sem.

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 11 dub 2010 08:31
od Spo.On
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== FILES ==========
File/Folder C:\WINDOWS\system32\*.tmp.dll not found.
File/Folder C:\WINDOWS\system32\SET*.tmp not found.
File/Folder C:\WINDOWS\*.tmp not found.
File/Folder C:\WINDOWS\system32\tmp22D.tmp not found.
File/Folder C:\WINDOWS\system32\tmp22C.tmp not found.
File/Folder C:\UsbFix not found.
File/Folder C:\Program Files\AVG not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\nwiz not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
========== SERVICES/DRIVERS ==========
Error: No service named catchme was found to stop!
Service\Driver key catchme not found.
========== COMMANDS ==========

OTM by OldTimer - Version 3.1.10.1 log created on 04112010_091824

Re: Po restartu, vše jak před dvěma dny... pls. Help

Napsal: 11 dub 2010 09:36
od motji
:o To jste spouštěl na prvním nebo druhém počítači? To byl skript pro Otm na první počítač.
Všechny časy jsou v UTC+01:00
Stránka 3 z 4

Založeno na phpBB® Forum Software © phpBB Limited

Český překlad – phpBB.cz